Information Security News mailing list archives

'High Risk' Virus Spreading Rapidly


From: InfoSec News <isn () c4i org>
Date: Fri, 6 Jun 2003 01:06:00 -0500 (CDT)

http://www.eweek.com/article2/0,3959,1118559,00.asp

By Dennis Fisher
June 5, 2003 

A new variant of the dangerous Bugbear virus is on the loose and has 
begun spreading rapidly. Bugbear.B is quite similar to the original 
virus except that the new version contains a keystroke logger and is 
capable of changing its appearance to evade detection.

As of about 4 p.m. EDT Thursday, MessageLabs had stopped more than
55,000 copies of the new strain of Bugbear, which is infecting about 
one in every 200 pieces of e-mail, according to the company's 
statistics. 

The fast-moving Bugbear.B virus continued to spread Thursday 
afternoon, but most of the damage has been done outside the United 
States. England and Italy have been the hardest hit so far, according 
to statistics compiled by New York-based e-mail security provider 
MessageLabs Inc. 

Anti-virus experts say the infection method and behavior of the virus 
should come as no surprise. And yet, users continue to open the 
infected attachments, wreaking havoc on corporate mail servers and 
networks. "We can stop looking for worms of mass disruption—Bugbear.B 
is it. The original Bugbear was amongst leading disrupters of business 
activity in 2002, and Bugbear.B is poised to follow in its footsteps," 
said Brad Meehan, director of product management, eTrust Threat 
Management Solutions, at Computer Associates International Inc., in 
Islandia, N.Y. 

The virus first showed up on the Internet Wednesday, and anti-virus 
companies say that it has been infecting PCs at an alarming rate. 
MessageLabs Inc., a New York-based e-mail security company, has
stopped more than 17,000 copies of the virus since last night. 

Bugbear.B is the second virus to make waves this week, following in 
the footsteps of Sobig.C, which hit the Internet on Monday. 

Bugbear.B is a typical mass-mailing virus, containing its own SMTP 
engine. The sending address and subject line on the virus-infected 
e-mails vary widely and appear to be random. 

Bugbear.B is capable of spoofing addresses in several domains, some of 
which are high-profile companies such as Microsoft Corp., and several 
financial concerns. 

The attachment containing the virus also has a random name, but is 
always 73.728 kb and has either a .pif, .exe or .scr file extension. 
The text in the e-mail message varies, as well. 

Once resident on a PC, the virus creates a file that stores all of the 
keystrokes typed on the infected machine. Bugbear.B is also capable of 
disabling several kinds of anti-virus software and personal firewalls. 

Network Associates Inc.'s McAfee Security unit has classified 
Bugbear.B as a high risk. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

