
Danger: Bugbear bounces back

Karl Cushing
Security experts are warning of a new version of an e-mail-borne, mass-mailing virus that can disarm local security software, record passwords and provide remote access to an infected machine via an embedded Trojan.

The virus, W32/Bugbear.B-mm, has been given a “high risk” status by security firm McAfee based on its payload and the number of reports from customers.

Jack Clark, technology consultant at McAfee, said the virus contains a “vast array” of infection vectors, including mass mailing, the ability to spread via network shares, the ability to infect files and a remote access Trojan.

“The Trojan is where we see the largest threat to users - there’s a massive potential for damage,” he said.

The virus installs a "key logger" onto infected machines that allows it to record passwords and save them on the PC, which can then be accessed by a hacker using the remote access Trojan.

An added problem is that the virus has the ability to disarm an “extensive” list of local security software measures such as firewalls and antivirus software.

“We’re back to the old days of educating users to beware of e-mails of a certain type,” said Clark. “We need to stop viruses like this at the gateway - gateway antivirus software really is the way forward.”

E-mail security firm MessageLabs warned that the virus appears to be “very polymorphic in nature” and has the ability to modify itself during each generation, helping it to foil antivirus software.

MessageLabs warned that the inclusion of the MS01-020 auto-open exploit in the virus means that unpatched Windows systems will execute the attachment automatically when an e-mail is opened.

"From the pattern of Bugbear.B emails that we have stopped already this morning, we anticipate that this is likely to reach a very high-level outbreak very soon, particularly as the US begins to come online," said Paul Wood, chief information analyst at MessageLabs.


 
