The Bugbear virus shows no sign of receding and is continuing to
wreak havoc among Internet users.
The VirusEye monitoring service run by security firm MessageLabs
reported more than 20,000 new occurrences of Bugbear on Friday
morning alone, bringing the total to 99,000.
Bugbear, released six days ago, is not only spreading fast but it
is also becoming increasingly difficult to protect against, warned
MessageLabs antivirus technologist Alex Shipp.
The virus replicates by attaching itself to a copy of the body text
from legitimate e-mail messages in a user's inbox, Shipp
said.
Users are more likely to open this sort of message, he said,
because they appear legitimate. Another factor contributing to the
spread of the virus is that the size of the attachment is
constantly changing.
This means e-mail administrators cannot reliably warn end users
that an attachment of a given size may contain the Bugbear
virus.
"We are seeing a lot of cases where two viruses are being sent in a
single e-mail attachment," added Shipp. If a user infected by a
virus such as FunLove receives Bugbear, the Bugbear attachment
itself becomes infected. So when it is mailed out, the unsuspecting
recipient receives both viruses.
According to Mark Sunner, chief technology officer at MessageLabs,
"Bugbear proves that new viruses can still take e-mail users and
antivirus vendors by surprise. It is testament to the fact that new
viruses cannot be stopped effectively with AV software".
McAfee Avert, the antivirus software vendor's research lab, today
(4 October) upgraded Bugbear to "high risk". Jack Clark, product
marketing manager, McAfee Security, reiterated some basic tenets of
good IT security. Users should not double click on unexpected
attachments and administrators should ensure that applications, in
this case Microsoft Outlook, are fully patched, he said.
"System administrators need to be scanning SMTP and should also
look to use some kind of desktop firewall to prevent the malicious
use of network shares," he added.