Bugbear attack continues to wreak havoc

The Bugbear virus shows no sign of receding and is continuing to wreak havoc among Internet users.

The VirusEye monitoring service run by security firm MessageLabs reported more than 20,000 new occurrences of Bugbear on Friday morning alone, bringing the total to 99,000.

Bugbear, released six days ago, is not only spreading fast but it is also becoming increasingly difficult to protect against, warned MessageLabs antivirus technologist Alex Shipp.

The virus replicates by attaching itself to a copy of the body text from legitimate e-mail messages in a user's inbox, Shipp said.

Users are more likely to open this sort of message, he said, because it appears legitimate. Another factor contributing to the spread of the virus is that the size of the attachment is constantly changing.

This means e-mail administrators cannot reliably warn end users that an attachment of a given size may contain the Bugbear virus.

"We are seeing a lot of cases where two viruses are being sent in a single e-mail attachment," added Shipp. If a user infected by a virus such as FunLove receives Bugbear, the Bugbear attachment itself becomes infected. So when it is mailed out, the unsuspecting recipient receives both viruses.

According to Mark Sunner, chief technology officer at MessageLabs, "Bugbear proves that new viruses can still take e-mail users and antivirus vendors by surprise. It is testament to the fact that new viruses cannot be stopped effectively with AV software".

McAfee Avert, the antivirus software vendor's research lab, today (4 October) upgraded Bugbear to "high risk". Jack Clark, product marketing manager, McAfee Security, reiterated some basic tenets of good IT security. Users should not double-click on unexpected attachments and administrators should ensure that applications, in this case Microsoft Outlook, are fully patched, he said.

"System administrators need to be scanning SMTP and should also look to use some kind of desktop firewall to prevent the malicious use of network shares," he added.
