Don't let Bugbear ruin your day


Users have been warned to take extra care when opening their e-mail today as a new virus which disrupts Windows systems is on the loose.

The W32/Bugbear virus, also known as Tanatos, is being circulated as an e-mail attachment.

Vincent Gullotto, vice-president of the McAfee AVERT (Anti-Virus Emergency Response Team) at Network Associates, said the e-mail is sent with a wide variety of subject lines such as "bad news", "Membership Confirmation", "Market Update Report", and "Your Gift". He warned that Bugbear also appears to use randomly generated names and multiple file extensions to avoid detection by anti-virus software.

Gullotto said that, once activated, the virus shuts down scores of vital processes used by Windows and by anti-virus software, records user keystrokes and creates a backdoor that could be used by attackers at a later date to access the machine. It also attempts to mail copies of itself to other users, randomly generating new subject lines and virus executable names.

Researchers at a number of anti-virus firms believed the virus would not be able to spread as rampantly as previous viruses and worms such as Klez. Mark Toshack, a virus analyst at MessageLabs, said, "We had problems replicating Bugbear - but it does appear to replicate."

He suggested that the virus might replicate only on very specific Windows PC configurations. However, in the past 24 hours, the MessageLabs VirusEye scanning service counted 5,776 occurrences of Bugbear, making it the third most virulent virus for the period. Klez had the number one spot, with 18,773 occurrences.
