New version of Bugbear mauling users

A new version of the Bugbear virus is spreading quickly on the Internet, according to alerts posted by leading antivirus companies.

The new variant, called Bugbear.B, was first detected on Thursday and shares many of the same characteristics as the first Bugbear virus, which appeared in September, 2002 and was also known as "Tanatos," according to Helsinki, Finland-based antivirus company F-Secure Corp.

At least one antivirus company, Network Associates Inc., upgraded its rating on the new virus to "high," the first virus since Slammer to achieve that rating, according to a spokeswoman for Network Associates' McAfee business unit.

Like the first Bugbear virus, the Bugbear.B is an e-mail worm, which spreads by sending copies of itself out as attachments in e-mail messages.

Like its predecessor, Bugbear.B attempts to exploit known vulnerabilities in Microsoft Corp.'s Outlook, Outlook Express and Internet Explorer products that enables attachments to be automatically opened when the e-mail containing them is opened, according to antivirus company Sophos PLC.

Also like the first Bugbear, Bugbear.B is a messy virus that makes a number of modifications to the systems it infects while dropping copies of programs that can snoop on a user's activity, infecting common Windows applications and opening a back door that could be used by hackers, according to Sophos.

Bugbear.B is also capable of detecting and shutting down antivirus programs that it finds running on the systems it infects, Sophos said.

The Bugbear.B virus arrives in e-mail messages with a variety of subjects such as "Your news Alert," "Your Gift," "click on this!" and "cows."

In addition to pulling subjects from a list it maintains internally, the virus randomly excerpts content from files on the hard drives of computers it infects and uses that information to supply the subject line for messages carrying the virus, according to David Emm, marketing manager for McAfee AVERT.

Like the subject line, the e-mail attachment containing the virus code also uses a variety of names chosen from a list maintained by the worm or grabbed from files on the infected host computer.

Attachments use a variety of file extensions including ".exe," ".scr" and "pif," and names such as "readme," "setup," "photo," and "news," according to F-Secure.

Bugbear.B also contains address spoofing features that enables it to pull e-mail addresses skimmed from files on the infected computer and insert them in the "From" line of the e-mails it sends out, Emm said.

Recipients might be tricked into opening the message from a trusted source, and can also be fooled into thinking that the sender's machine has been infected with Bugbear.B, when another machine is really the source, he said.

Unlike the first Bugbear virus, however, the new variant is "polymorphic," meaning that it is capable of subtly changing the way the virus code is encrypted to fool antivirus software, he said.

"There's a potential danger with polymorphic viruses that if you don't construct your virus detector properly, you could miss some samples," he said.

McAfee AVERT first detected the new Bugbear variant on Wednesday, upgrading it to a "Medium" risk and then to a "High" risk on Thursday and the number of reported infections mounted.

Other antivirus companies, including Symantec Corp. and F-Secure continued to rate Bugbear.B as a moderate risk early Thursday.

The sheer number of actions taken by the virus after it infects machines, including its ability to squelch antivirus software, install a backdoor on machines and infect common application executable files, which then reinfect machines when they are opened, makes disinfecting machines hit with the virus more complex than with previous viruses, Emm said.

Antivirus companies recommended that customers update their antivirus software to protect against Bugbear.B. Instructions and tools for removing the virus from infected machine were also provided by leading antivirus vendors.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?