The W32/Bugbear virus, also known as Tanatos, is being circulated as an e-mail attachment.
Vincent Gullotto, vice-president of the McAfee AVERT (Anti-Virus Emergency Response Team) at Network Associates said the e-mail is sent with a wide variety of subject lines such as "bad news", "Membership Confirmation", "Market Update Report", and "Your Gift". He warned that Bugbear also appears to use randomly generated names and multiple file extensions to avoid detection by anti-virus software.
Gullotto said, once activated, the virus shuts down scores of vital processes used by Windows and by anti-virus software, records user keystrokes and creates a backdoor that could be used by attackers at a later date to access the machine. It also attempts to mail copies of itself to other users, randomly generating new subject lines and virus executable names.
Researchers at a number of anti-virus firms believed the virus would not be able to spread as rampantly as previous viruses and worms such as Klez. Mark Toshack, a virus analyst at MessageLabs said, "We had problems replicating Bugbear - but it does appear to replicate."
He suggested that the virus might replicate only on very specific Windows PC configurations. However, in the past 24 hours, the MessageLabs VirusEye scanning service counted 5,776 occurrences of Bugbear, making it the third most virulent virus for the period. Klez had the number one spot, with 18,773 occurances.