Latest BugBear variant targets banks

The latest variant of the BugBear computer virus is being investigated by the US Federal Bureau of Investigation (FBI) after the virus was found to be specifically targeting banks.

Bill Murray, a spokesman for the FBI, said the investigation will track down the originators of the virus through electronic "fingerprints" often left behind within the intricate code.

The FBI has also reminded businesses and home users to adopt safe computing habits, including using up-to-date antivirus protection, firewalls, strong passwords and other methods to protect their systems.

The [email protected] worm is a variant of the [email protected] virus, according to antivirus software company Symantec, which has posted an advisory about the problem.

Symantec upgraded the danger classification of BugBear to Category 4 after receiving a high number of reports from customers. Symantec initially classified BugBear as a Category 3 threat.

BugBear is a mass-mailing worm that also spreads through networks. It can infect executable files and is particularly dangerous because it can log keystrokes on a user's computer, potentially giving personal information and account numbers to an attacker. The virus also contains backdoor capabilities and can shut down antivirus and firewall programs.

Banks are a key target. The worm's code contains a list of more than 1,000 targeted domain names of banks from around the world, according to Symantec.

"We understand that it looks for financial institutions, and when it finds one, it creates its malicious endeavors by trying to install back doors" and other means of intrusion, Murray said.

Suzanne Gorman, chairman of the Financial Services Information Sharing and Analysis Center, a US industry security group, said the organisation responded immediately to the first reports of BugBear attacks on banks by warning members to make sure that their security systems are fully in place.

No member banks have so far been infiltrated by the BugBear virus, she said, because of firewalls, antivirus protection and other multilayer IT security systems.

"We have not had any information that any companies have had any computers affected in any way," Gorman said.

"Right now, we're remaining on high alert and watching to see if any problems would crop up. If we see any more outbreaks, we'll reconvene and go from there," she added.

Robin Bloor, an IT and security analyst at Baroudi Bloor, said BugBear is particularly insidious because of its keylogger capabilities, which collect and document user input and provide it to an attacker.

At least one bank in the UK has advised customers of the threat - not because the bank was worried about its security systems being breached, Bloor said, but because of fears that home users of its online banking services might be less prepared to fight a virus.

The bank has changed some of its customer login methods to make it harder for hackers to obtain information through keyloggers, he said.

"It's got to be a problem for all online banks," he said of concerns about the lack of antivirus protection on home computers.

Todd R Weiss writes for Computerworld