COMPUTER RESEARCH & TECHNOLOGY
 

Millions of computers around the world have been infected by a new virus called BugBear.

The virus appeared a few days ago and is regarded as one of the most virulent yet seen.  Bugbear was first spotted on 29 September and the first copy of the worm was seen in Malaysia.

The Bugbear e-mail virus is still going strong and could have infected hundreds of thousands of computers worldwide. Estimates of the damage the virus has done are difficult to make. One anti-virus firm, MessageLabs, has reported 60,000 copies so far.

The UK, Australia and the US have been worst affected but the virus has emerged in 100 different countries.

What does the Virus do?

BugBear records users' keystrokes to capture passwords, attaches itself to emails and copies itself onto computers. It gets past anti-virus and firewall programs and may allow unauthorised access to compromised machines.

The virus replicates itself at a rapid rate. It is so active that computer users have received emails from themselves containing the virus.

It relies on people actually executing the attachment so it's what we call a socially engineered virus. People see that it's come from maybe a friend, it may have an attachment that looks okay, they double-click on it and pretty quickly they're infected.

It will infect your computer and then choose a different name from your address book to send itself on to your contacts. This makes it difficult to know who has infected whom.

Once running, Bugbear searches a PC for email addresses and uses its own email engine to send off infected messages to each address listed. In addition, it uses random email addresses in the "from" field of the header to camouflage where the infected message is coming from.

The virus also attempts to shut down a host of security programs and antivirus measures, including many personal firewall programs and most popular antivirus scanning engines.

Lastly, Bugbear sends off an encrypted file with information about the computer to a predefined email address and opens a backdoor for network attackers to use to sneak into the system.

Possessed printer

If your printer seems possessed by some kind of phantom then you probably have the Bugbear virus.

Ironically a bug in the virus that makes it confuse printers with computers means that printers are likely to suddenly start churning out reams of paper, an obvious clue to office workers.

Who are the most affected so far?

Generally the virus is not hitting workplaces as much as home users who have not taken anti-virus protection.

How do we identify the virus when it hits our mailbox?

One of the only ways to spot the virus is in the size of the attachment, which is always 50,688 bytes.

The Bugbear virus has a vicious payload. It can compromise secure transactions and passwords, make computers vulnerable to hackers, disable anti-virus software and distribute potentially confidential e-mails.

How dangerous is this virus?

It is likely to knock Klez.H off the top spot for number of infections this month and, like Klez, will be around for months to come.

Here's the feature that has many experts scratching their heads. Bugbear can disable anti-virus software. When you scan your computer to see if it's been infected, Bugbear hides among your files, creating its own little terrorist sleeper cell in your Windows software.

The Bugbear virus infects computers running the Windows operating system and an unpatched version of Internet Explorer 5.5. A flaw in MIME (Multipurpose Internet Mail Extensions) lets a malicious program attached to an email message execute when the text of the message appears in Outlook. The software problem was patched by Microsoft almost 18 months ago, but some users apparently have not updated their computers.

How do we protect ourselves from this virus?

To prevent infection, Windows users should download the Microsoft patch, update their antivirus software and refrain from opening an attachment unless the sender confirms he or she sent it.

The virus is difficult to spot as the e-mail has more than 50 different catch lines, many of which seem plausible, such as Market Update Report, Announcement, Scam Alert and Membership Confirmation.
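The two identifying traits described above, the fixed 50,688-byte attachment and the recurring catch lines, can be checked mechanically on stored mail. The following is an added example, not code from this article or its author; the function names triage and build_sample and the sample addresses are constructed for illustration, and the subject list holds only the four catch lines named here.

```python
import email
from email import policy
from email.message import EmailMessage

BUGBEAR_SIZE = 50_688  # attachment size in bytes, as stated in the article
# Four of the 50+ catch lines the article names; the list is not exhaustive.
KNOWN_SUBJECTS = {"market update report", "announcement", "scam alert",
                  "membership confirmation"}

def triage(raw_bytes):
    """Return the reasons (possibly none) a raw message deserves a closer look."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    subject = str(msg.get("Subject", "")).strip().lower()
    if subject in KNOWN_SUBJECTS:
        reasons.append("subject matches a known catch line")
    # Check every leaf MIME part, not only parts flagged as attachments,
    # because the infected part may be declared as something else.
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Measure the decoded payload: base64 transfer encoding inflates the
        # size on the wire by about a third.
        payload = part.get_payload(decode=True) or b""
        if len(payload) == BUGBEAR_SIZE:
            name = part.get_filename() or "(unnamed part)"
            reasons.append(f"part {name} is exactly {BUGBEAR_SIZE} bytes")
    return reasons

def build_sample(subject, attachment_len):
    """Constructed test message carrying a harmless all-zero attachment."""
    m = EmailMessage()
    m["From"] = "friend@example.com"  # constructed; the worm forges this field
    m["To"] = "you@example.com"       # constructed
    m["Subject"] = subject
    m.set_content("See attached.")
    m.add_attachment(bytes(attachment_len), maintype="application",
                     subtype="octet-stream", filename="sample.bin")
    return m.as_bytes()

if __name__ == "__main__":
    for subj, size in [("Scam Alert", 50_688), ("Holiday photos", 50_688),
                       ("Announcement", 1_024), ("Lunch?", 2_048)]:
        print(f"{subj!r:20} {size:>6}  {triage(build_sample(subj, size))}")
```

The size match is the stronger of the two signals, since a subject such as "Announcement" is common in legitimate mail; neither check says anything about the sender, because the "from" field is forged.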


Arthur Hissey
Computer Research & Technology
www.crt.net.au


ETOPICS
what are they?

Keep up to date with the latest in the IT/Communications industry by listening to ABC Local Radio on FM107.1, every Tuesday morning at 9.15AM.

Computer Research & Technology Managing Director Arthur Hissey and Morning Host Janice McGilchrist will be discussing current matters of interest and future directions in the IT industry.

Transcripts of these discussions and other topics are available, just click on the links.

