Madinat al-Muslimeen Islamic Message Board

A R C H I V E S

New Bugbear beats its ancestor

siddiqui
06/06/03 at 11:59:49


The new variant of the Bugbear virus has spread faster than its ancestor and could do more damage.
In only 24 hours Bugbear.B has achieved what it took its ancestor three days to do.

Almost all anti-virus firms have issued a high-level warning about the pernicious program to reflect its virulence and the potential damage it could do.

Mail filtering firm MessageLabs says that, so far, it has stopped more than 115,000 copies of the virus.

Lethal payload

The virus is spreading so fast because it tries to spread and trick people into opening it via many different methods.

Anti-virus firms call such viruses "blended threats" because they roll into one package techniques that, until recently, were only found in individual viruses.

MessageLabs reports that the virus has infected machines in 159 countries.


Anti-virus firm Symantec said that for a while the average number of copies of the virus submitted to it doubled every hour. About 75% of the submissions were coming from Europe.
Many people may have been caught because Bugbear.B exploits a bug in Microsoft Outlook that automatically opens e-mail attachments.

The virus also tries to make the messages it sends look innocent by inserting text stolen from documents on machines it has infected.

PC owners are being advised to update their anti-virus software and be suspicious of e-mail messages they were not expecting.

"Not only can Bugbear leach confidential information from an infected machine, but it may also leave a backdoor wide open for hackers to take control of the machine and misappropriate passwords, credit card details or for some other nefarious purpose," said Paul Wood, Chief Information Analyst at MessageLabs.

Sneaky tactics

The virus itself arrives as an attachment but uses a lot of different names for the payload to make it harder to spot.

To lend itself credibility the virus uses document names stolen from an infected PC.


BUGBEAR SUBJECT LINES

Greets!
Your Gift
Your News Alert
free shipping!
Membership Confirmation
update
history screen
bad news
I need help about script!!!
Stats

However, because it uses a double suffix on the attachment filename, many anti-virus programs should be able to pick it out.

When it reaches a new victim, the virus searches for addresses to despatch itself to and also picks a random e-mail address for the 'from' line to cover its tracks. This also makes it difficult to find out where the virus came from.

The virus also tries to spread by copying itself to hard drives infected machines share with others.

Sometimes this results in network connected printers spewing out page after page of garbage.

In an attempt to stop itself being found and deleted, Bugbear.B looks for copies of well-known anti-virus packages and tries to turn them off.

Bugbear.B also tries to install a key logging program that records which keys a person presses.

The virus opens up a backdoor to the net that could let its creator take control of any infected machine.

In an attempt to avoid being spotted by anti-virus programs that look for particular signatures, Bugbear.B can reformat itself as it travels to new victims.


Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/2968852.stm

Published: 2003/06/06 12:04:11 GMT

© BBC MMIII
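
The double-suffix check mentioned in the article, sketched as a mail-gateway filter. This is an added example, not part of the original post or the BBC story; the suffix lists, the function names and the sample message are assumptions constructed for illustration.

```python
"""Flag e-mail attachments whose filename ends in a double suffix."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumption: final suffixes Windows will execute; tune to your own policy.
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Assumption: inner suffixes that make a file look like a harmless document.
DECOY = {".doc", ".xls", ".txt", ".jpg", ".gif", ".htm", ".html", ".zip", ".pdf"}


def is_double_suffix(filename: str) -> bool:
    """True for names like 'budget.xls.scr' (decoy suffix, then executable)."""
    # Drop any directory part; Windows ignores trailing dots and spaces.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .").lower()
    # Strip padding spaces that push the real suffix out of view.
    suffixes = ["." + p.strip() for p in name.split(".")[1:]]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE and suffixes[-2] in DECOY


def flagged_attachments(raw: bytes) -> list[str]:
    """Return the filenames in a raw RFC 5322 message that use a double suffix."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    for part in msg.walk():  # walk() also reaches nested multipart sections
        filename = part.get_filename()
        if filename and is_double_suffix(filename):
            hits.append(filename)
    return hits


def build_sample() -> bytes:
    """Constructed test message; addresses and attachment names are made up."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Stats"
    msg.set_content("See attached.")
    # 'setup.exe' is executable but has a single suffix, so this check skips it.
    for name in ("notes.txt", "budget.xls.scr", "setup.exe", "Report.DOC.PIF"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in flagged_attachments(build_sample()):
        print("double suffix:", hit)
```

The filter inspects only the filename, so it complements rather than replaces content scanning, and a gateway would normally block single-suffix executables such as setup.exe with a separate rule.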



Individual posts do not necessarily reflect the views of Jannah.org, Islam, or all Muslims. All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the poster and may not be used without consent of the author.
The rest © Jannah.Org