Bugbear attack continues to wreak havoc


Bugbear attack continues to wreak havoc

Cliff Saran
The Bugbear virus shows no sign of receding and is continuing to wreak havoc among Internet users.

The VirusEye monitoring service run by security firm MessageLabs reported more than 20,000 new occurrences of Bugbear on Friday morning alone, bringing the total to 99,000.

Bugbear, released six days ago, is not only spreading fast but it is also becoming increasingly difficult to protect against, warned MessageLabs antivirus technologist Alex Shipp.

The virus replicates by attaching itself to a copy of the body text from legitimate e-mail messages in a user's inbox, Shipp said.

Users are more likely to open this sort of message, he said, because they appear legitimate. Another factor contributing to the spread of the virus is that the size of the attachment is constantly changing.

This means e-mail administrators cannot reliably warn end users that an attachment of a given size may contain the Bugbear virus.

"We are seeing a lot of cases where two viruses are being sent in a single e-mail attachment," added Shipp. If a user infected by a virus such as FunLove receives Bugbear, the Bugbear attachment itself becomes infected. So when it is mailed out, the unsuspecting recipient receives both viruses.

According to Mark Sunner, chief technology officer at MessageLabs, "Bugbear proves that new viruses can still take e-mail users and antivirus vendors by surprise. It is testament to the fact that new viruses cannot be stopped effectively with AV software".

McAfee Avert, the antivirus software vendor's research lab, today (4 October) upgraded Bugbear to "high risk". Jack Clark, product marketing manager, McAfee Security, reiterated some basic tenets of good IT security. Users should not double click on unexpected attachments and administrators should ensure that applications, in this case Microsoft Outlook, are fully patched, he said.

"System administrators need to be scanning SMTP and should also look to use some kind of desktop firewall to prevent the malicious use of network shares," he added.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy