Chief Cushie ~MaryO~ Posted October 7, 2002

http://www.cnn.com/2002/TECH/internet/10/0...bear/index.html

'Bugbear' worms in, opens doors to hackers

By Jeordan Legon (CNN)
Friday, October 4, 2002 Posted: 5:40 PM EDT (2140 GMT)

(CNN) -- The stealthy "Bugbear" worm continued on a ravenous digital path this week, prompting anti-virus firms to escalate warnings from moderate to high and leaving thousands of computers worldwide at the mercy of hackers.

But initially, at least, the virus was not causing major problems for computer users, because its purpose appeared to be to open communication ports on infected systems and to replicate itself, not to destroy files.

"It appears to be designed by someone who intended to steal credit card info or other data, not necessarily destroy files," said George Stagonis, a researcher for anti-virus company Central Command.

While experts hoped the bug would be contained at its source in Malaysia on Monday, the virus rapidly made its way around the world as users in Asia, Europe, Canada and the United States fired up their computers to check e-mail.

At least 120,000 people reported infections to British anti-virus firm MessageLabs by Friday. Thousands more logged attacks in Ireland, Australia, Canada and the United States.

The number of new cases reported daily is rivaling, and even exceeding, that of the better-known Klez virus, a similar bug that hit millions of computers this year.

Central Command received 5221 reports of new infections Thursday -- evenly split between the United States and Europe. The company booked an average of 4,000 daily Klez infections when that virus was at its height, Stagonis said.

"We don't think it's peaked yet because it's staying way ahead of people updating their anti-virus software," said George Stagonis, a researcher for anti-virus company Central Command.

What makes the virus dangerous?
Bugbear, also known as Tanatos, doesn't destroy files like its viral cousins "Melissa," "Michelangelo" and "Iloveyou." Instead, it disables popular firewall and anti-virus protections and prepares a port that can receive instructions from remote users.

That is what makes the virus so dangerous, experts say. Hackers aware of this vulnerability will search for open ports on infected computers. Once found, attackers can access passwords, view or destroy data and get reports of keystrokes being entered -- including credit card numbers and other sensitive information.

All of this happens without the knowledge of the hacked computer owner or business.

Silent spread

When the virus first appeared, anti-virus gurus were unable to mirror the spread of the bug in their labs. Many thought Bugbear would remain a minor threat.

"We still haven't managed to replicate it in our labs, but obviously it's replicating," said Alex Shipp, a tech with MessageLabs. "One of the theories is that this requires an Internet connection in order to spread."

The virus spreads quickly by disguising infected messages as "replys" or "forwards" to an existing message. It targets known vulnerabilities in Windows systems and has no trouble moving through banks of networked office computers, said Vincent Weafer, of Symantec Security Response.

"Once it gets into a machine it will try to replicate itself from machine to machine," Weafer said.

Avoid infection

While the virus is difficult to spot, there are ways to avoid it. The file can arrive in mails with varied subject headings, but almost always it has an attachment that is 50,668 bytes, Shipp said.

Also, computer owners should make certain that Internet Explorer's I-FRAME patch is installed, which prevents the bug from automatically downloading itself from an infected message. And they should update to new versions of Microsoft Outlook message program, which are less prone to infection.

The one bright spot in all of this, said Shipp, is that many people are updating their anti-virus software and making sure firewalls are up, which appears to be killing off the Klez virus. The bad news is "this new one is just as bad, if not worse, than Klez," Shipp said.