
Bugbear virus doubling every hour

By Tracy Burrows, ITWeb contributor.
Johannesburg, 06 Jun 2003

Security experts warn that W32.Bugbear.B@mm, a variant of the original Bugbear worm, is creating a new Internet security threat. The virus may also be trying to target banks.

Netxactics, local Sophos distributor, says the virus spreads by sending itself in e-mails, and by copying itself across networks. It is based upon the original Bugbear worm, which was the second most commonly reported virus in 2002.

"The new version has a new trick up its sleeve - it is polymorphic, meaning it changes its appearance in an attempt to avoid detection," says Brett Myroff, CEO of Netxactics.

The worm, which takes advantage of a vulnerability in Microsoft Internet Explorer, is reported to send e-mail with subject lines such as "Interesting...", "Just a reminder", "free shipping", "Get a free gift!" or "Hi!". The virus infects a select list of executable files. The worm has keystroke-logging and backdoor capabilities, and also attempts to terminate the processes of various anti-virus and firewall programs.

Symantec Security Response experts also report that the worm contains a list of more than 1 300 targeted bank domain names worldwide. Symantec says if W32.Bugbear.B determines that the default e-mail address for the affected system belongs to a banking company, it enables auto dialling, which could allow the hacker to gain control of the machine by connecting to the Internet to gain additional instructions. The firm says auto dialling, coupled with the keystroke-logging capabilities, is likely an attempt to steal passwords more effectively.

"It is very troubling to see virus infections for this new variant of Worm/BugBear taking off worldwide," says Steven Sundermeier, product manager of international anti-virus firm Central Command. "As did its predecessor, Worm/BugBear.B contains multiple malicious payloads including the ability to gather passwords and credit card numbers by logging keystrokes and relaying that personal, sensitive information."

Symantec's South African office says as of 5 June, the company's Security Response has seen the average number of submissions double every hour, with 75% of the total submissions coming from Europe, and 23% coming from the US. The remaining few submissions are from the Asia Pacific region.

Security companies have upgraded the Bugbear variant's status to a higher alert level, and Symantec reports that it is currently rated as a level four worm on a scale of one to five, with five being the most dangerous.
