VIRUS ALERT: Son of Bugbear running wild on Net
By Matt Whipp
Posted on 5 Jun 2003 at 15:39
Sophos has warned that since the initial detection of the Bugbear-B virus, reports of infections have rocketed and people should update anti-virus software now.
The name should already be familiar - Bugbear-A appeared last October and swiftly rose to notoriety, accounting for 10 per cent of virus infections within 36 hours, according to Integralis.
Now the bug has reappeared, but with polymorphic capabilities that aid it in avoiding being detected.
It still retains its tenacity, however - aside from carrying its own SMTP engine with which to replicate itself by emailing to addresses found on the infected computer, it also spreads across network shares and infects other shared resources including components of instant messaging and peer-to-peer file-sharing programs.
It also starts up a background process that attempts to shut down many well-known antivirus programs.
If the virus does infect your computer, it will install an executable file of 7,2192 bytes in the Startup folder and .DLL file of 5,632 bytes in size to the System folder.
This latter is a keystroke logging component which copies keyboard actions to memory. The virus also drops a backdoor Trojan that opens port 1080 to listen for commands. A remote user can execute a fair amount of control using this, such as finding, copying, editing, downloading, running and deleting files as well as listing and terminating processes. However, an attacker could use this to open up port 80, used for HTTP traffic, and gain more control over the system.
It can also deliver key information about the system and send back any cached passwords (although these will remain encrypted).
Bugbear-B exploits MIME and iFRAME flaws in versions of Outlook and IE that were first publicised by Microsoft more than two years ago and unpatched systems can be compromised to run email attachments without them being manually edited. Those who may not have patched their system to block such an attempt can shore up their systems at this Microsoft page.
Sophos is warning users to update their antivirus software now. 'If you do not have procedures for rapid updates, implement them now, because you are sure to need them again,' it warns corporate customers. It also advises blocking all executable programs at the email gateway.
For more information on Bugbear-B, visit the Sophos Web site.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
