Information security company Symantec yesterday took the wraps off a list, compiled by its DeepSight Threat Analyst Team, of the URLs of 1 300 banks targeted by the Bugbear.B virus.
On the list are the SA Reserve Bank, Nedbank, Standard Bank Investment Corporation and RMB.
Nedbank's Andrew Miller says the bank constantly monitors information security, including incoming and outgoing mail, and takes appropriate action. He has not been notified of any specific vulnerability regarding Bugbear.B.
None of the other banks were able to respond in time to ITWeb's query about potential threats and measures to ward off threats to their customers' information.
Bugbear.B background
This variant of the original Bugbear worm, the second most commonly reported virus last year, is able to change its appearance to avoid detection. It spreads via e-mail and by copying itself across networks.
Patrick Evans, regional manager of Symantec Africa region, says as soon as an organisation is infected, the worm attempts to send sensitive data, including username and password of customers, to one of ten hard-coded public Internet e-mail addresses.
Symantec says its DeepSight Team strongly encourages system administrators to audit their perimeter devices for any signs of outgoing e-mail messages to any of these addresses and, if necessary, to employ strategies to manage the risk associated with information that may have leaked out during an infection.
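As an added illustration of such an audit (not from Symantec or the original article), the sketch below scans mail-gateway logs for delivery attempts to watched recipients and joins each hit, by queue ID, to the internal client that submitted the message. The Postfix-style log format, the function name and the `.example` addresses are constructed assumptions; the watchlist holds placeholders to be replaced with the addresses from the advisory.

```python
import re

# Constructed placeholder watchlist: substitute the addresses from the advisory.
WATCHLIST = {"drop1@watch.example", "drop2@watch.example"}

# Constructed Postfix-style log lines (assumed format; adapt the patterns to your MTA).
SAMPLE_LOG = """\
Jun  6 10:15:00 mx1 postfix/smtpd[1201]: 4F1A2B3C01: client=ws-042.corp.example[10.0.0.42]
Jun  6 10:15:01 mx1 postfix/qmgr[1100]: 4F1A2B3C01: from=<alice@corp.example>, size=51200, nrcpt=1 (queue active)
Jun  6 10:15:02 mx1 postfix/smtp[1240]: 4F1A2B3C01: to=<Drop1@Watch.Example>, relay=mx.watch.example[192.0.2.10]:25, delay=1.2, status=sent (250 OK)
Jun  6 10:16:00 mx1 postfix/smtpd[1201]: 5A6B7C8D02: client=ws-007.corp.example[10.0.0.7]
Jun  6 10:16:01 mx1 postfix/qmgr[1100]: 5A6B7C8D02: from=<bob@corp.example>, size=900, nrcpt=1 (queue active)
Jun  6 10:16:02 mx1 postfix/smtp[1241]: 5A6B7C8D02: to=<partner@supplier.example>, relay=mx.supplier.example[192.0.2.20]:25, delay=0.4, status=sent (250 OK)
Jun  6 10:17:00 mx1 postfix/smtpd[1201]: 6C7D8E9F03: client=ws-042.corp.example[10.0.0.42]
Jun  6 10:17:02 mx1 postfix/smtp[1242]: 6C7D8E9F03: to=<drop2@watch.example>, relay=none, delay=30, status=deferred (connection timed out)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
FIELD = re.compile(r"\b(client|from|to|status)=<?([^>,\s]+)>?")

def find_watchlist_mail(log_text, watchlist):
    """Return one finding per delivery attempt to a watched address,
    joined by queue ID with the submitting client and envelope sender."""
    watch = {a.lower() for a in watchlist}   # e-mail domains are case-insensitive
    context, findings = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid = m.group("qid")
        fields = dict(FIELD.findall(m.group("rest")))
        # Remember who submitted this queue ID; client/from lines precede delivery.
        info = context.setdefault(qid, {})
        info.update({k: fields[k] for k in ("client", "from") if k in fields})
        rcpt = fields.get("to", "").lower()
        if rcpt in watch:
            # Deferred or bounced attempts still point to an infected host.
            findings.append({"qid": qid, "to": rcpt,
                             "status": fields.get("status", "unknown"),
                             "client": info.get("client", "unknown"),
                             "from": info.get("from", "unknown")})
    return findings

if __name__ == "__main__":
    for finding in find_watchlist_mail(SAMPLE_LOG, WATCHLIST):
        print(finding)
```

The `client` field is the lead to follow: it names the internal machine that handed the message to the gateway, whether or not the delivery succeeded.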
New Symantec products and architecture
Symantec discussed four new products with the SA media yesterday, as well as the Symantec Enterprise Security Architecture (SESA) that underlies them.
The products include a vulnerability assessment tool, which, according to the vendor, opens a new product segment; a version upgrade of Mantrap, called Decoy Server 3.1; a re-branded version of Intruder Alert, now called Host Intruder Detection 4.1; and a version upgrade of Manhunt, 3.0.
"Mantrap was thought to be sexually exploitative," Evans joked, "but we kept Manhunt."
Although these products can operate independently, they work together using SESA and the Symantec Security Management System for one simplified approach to information security, Evans says.
"People have become disillusioned with their continued vulnerability in the presence of so many solutions. They tell us if we can simplify their lives, that would attract them to new solutions.
"There are many good products out there that can identify threats to your information security, but the question is - what do you do once you've determined a threat?"
The vendor says its security management system is security-purposed, unlike vendor-management systems such as IBM Tivoli; it is comprehensive, unlike business management systems; and works in an integrated way, unlike event collectors (firewalls, anti-virus, etc).
All the elements of the management system contain the same alerting, logging and reporting mechanisms. If SESA already underlies the Symantec security products at every network layer, upgrades are simply added. SESA accompanies every Symantec product from now on.
Other-vendor products are managed via bridges and relays, i.e. events are "sucked out" of them via bridges, and patches sent down via relays.

