- Related Stories
-
New Bugbear virus tries to spy
September 30, 2002 -
Slapper worm smarting less
September 20, 2002 -
Government unveils cybersecurity plan
September 18, 2002 -
Safety: Assessing the infrastructure risk
August 26, 2002 -
Microsoft Outlook's so-so security
March 21, 2002
Known as W32.Bugbear or I-Worm.Tanatos, the mass-mailing computer virus started infecting computers via e-mail on Sunday. On Tuesday, it accounted for nearly 11,000 infected e-mail messages intercepted by e-mail service provider MessageLabs' gateway servers. That placed it second to Klez.h, which accounted for about 14,000 e-mail messages.
"It is so hard to stay up with all the patches," said John Harrington, U.S. marketing director for MessageLabs. Harrington said most home users don't even realize they're missing a needed security fix.
The Bugbear virus infects computers running the Windows operating system and an unpatched version of Internet Explorer 5.5, according to an advisory posted by security company Symantec. A flaw in MIME (the multipurpose Internet mail extensions) lets a malicious program attached to an e-mail message execute when the text of the message appears in Outlook. The software problem was patched by Microsoft almost 18 months ago, but some users apparently have not updated their computers.
Once running, Bugbear searches a PC for e-mail addresses and uses its own e-mail engine to send off infected messages to each address listed. In addition, it uses random e-mail addresses in the "from" field of the header to camouflage where the infected message is coming from.
The virus also attempts to shut down a host of security programs and antivirus measures, including many personal firewall programs and most popular antivirus scanning engines.
Lastly, Bugbear sends off an encrypted file with information about the computer to a predefined e-mail address and opens a backdoor for network attackers to use to sneak into the system.
Symantec upgraded the threat rating of the virus to a "3" on Tuesday from a "2" on Monday, with the most severe rating being a "5." The rating measures various factors including the destructiveness of a virus and how fast and how far the virus has spread.
To prevent infection, Windows users should download the Microsoft patch, update their antivirus software and refrain from opening an attachment unless the sender confirms he or she sent it.
