Information Security News mailing list archives

E-Mail Worm Continues to Spread


From: InfoSec News <isn () c4i org>
Date: Mon, 7 Oct 2002 03:37:44 -0500 (CDT)

http://www.washingtonpost.com/wp-dyn/articles/A50944-2002Oct6.html

The Associated Press
Sunday, October 6, 2002

NEW YORK -- An e-mail-borne computer virus that lets hackers control
infected machines remotely continues to spread and constitutes the
most severe attack this year, experts say.

The worm, known as W32.Bugbear, or I-Worm.Tanatos, infects computers
that use Microsoft's Windows operating systems. It was first spotted a
week ago and has spread to dozens of countries.

Once a machine is infected, a hacker could steal and delete
information from it.

Some subject lines for the e-mail are "bad news," "Membership
Confirmation," "Market Update Report," and "Your Gift."

The worm replicates itself through a Windows machine's e-mail address
book and can attach itself to previously sent e-mail messages.

The worm can also spread through network systems and has
keystroke-logging and backdoor capabilities that allow hackers to
intercept passwords and gain access to computers over the Internet.

It also attempts to terminate various antivirus and firewall programs,
according to Symantec Corp., which has posted a downloadable repair on
its Web site. Symantec has rated Bugbear a severe threat.

Bugbear is currently the worst computer security outbreak globally,
Mikko Hypponen, manager of anti-virus research at F-Secure Corp. in
Helsinki, Finland, said in an e-mail to The Associated Press.

F-Secure also has posted a fix on its Web site.

The worm is expected to last well into next year because many
consumers will not realize their computer is infected, Hypponen said.

Microsoft issued a patch last year, Security Bulletin MS01-027. But
many users do not keep their machines current with patches.

On the Net:

http://www.f-secure.com 
http://www.symantec.com




-
ISN is currently hosted by Attrition.org
