WARNING : Virus makes unwelcome return

[bongme]

hi

Few viruses are as easy to spot as this

Thursday, 5 June, 2003

People are being warned to be wary of a new variant of a Windows virus that wrought havoc last year.

Bugbear was one of the most virulent viruses of 2002 and has now returned in a new guise.

The variant is packed with a variety of malicious programs that help the virus spread, steal confidential information, hide its origins and disable security software.

PC owners are being advised to update their anti-virus software and be suspicious of e-mail messages they were not expecting.

"Not only can Bugbear leach confidential information from an infected machine, but it may also leave a backdoor wide open for hackers to take control of the machine and misappropriate passwords, credit card details or for some other nefarious purpose," said Paul Wood, Chief Information Analyst at MessageLabs.

Lethal package

The new B variant of the Bugbear shares some characteristics of its ancestor as it is designed to exploit vulnerabilities in Windows PCs.

Like many other viruses it exploits loopholes in the popular Outlook e-mail program to infect machines.

BUGBEAR SUBJECT LINES

Greets!

Your Gift

Your News Alert

free shipping!

Membership Confirmation

update

history screen

bad news

I need help about script!!!

Stats

The virus itself arrives as an attachment but uses a lot of different names for the payload to make it harder to spot.

To lend itself credibility the virus uses document names stolen from the PC the virus came from.

However, because it uses a double suffix on the attachment filename, many anti-virus programs should be able to pick it out.

When it reaches a new victim, the virus searches for addresses to despatch itself to and also picks a random e-mail address for the 'from' line to cover its tracks. This also makes it difficult for someone to find out who has sent them the virus.

The virus also tries to spread by copying itself to any hard drives shared with infected machines.

Sometimes this results in network connected printers spewing out page after page of garbage.

In an attempt to stop itself being found and deleted, Bugbear.B looks for copies of well-known anti-virus packages and tries to turn them off.

Bugbear.B also tries to install a key logging program that records which keys a person presses.

Finally, the virus opens up a backdoor to the net that could let its creator take control of any infected machine.

In an attempt to avoid being spotted by anti-virus programs that look for particular signatures, Bugbear.B appears to have the ability to reformat itself as it travels to new hosts.

Anti-virus firms say they have received a few thousand copies of the virus which has now infected machines in more than 20 countries.

Bongme