October 3, 2002 4:01 PM PDT

Bugbear virus shows its claws

The Bugbear virus continued to spread, spurring several antivirus software makers to raise their estimates of the program's danger for the second time this week.

Security software maker Symantec on Wednesday raised its rating of the virus to a 4 out of 5, while rival firm Network Associates on Thursday bumped up its estimate of the infectious program from a medium to a high danger.

"It doesn't show any sign of slowing down right now," said Craig Schmugar, virus research engineer for Network Associates' McAfee antivirus emergency response team on Thursday. "We have seen 50 to 60 percent more submissions today than yesterday."

Also known as Tanatos, the mass-mailing Bugbear computer virus can automatically infect Windows systems whose users haven't patched an 18-month-old flaw in Internet Explorer. PC users who have plugged the security hole still have to be careful--even if an automatic attack is blocked, opening the attachment will still allow the virus to infect a computer.

The virus copies itself to the hard drive of the victim's PC as well as to any other computers that share their drives over a network to which the infected system is attached.

Once in place, the computer virus stops a variety of security and antivirus programs from running. It also searches for e-mail addresses and sends itself as an e-mail attachment to every address that it finds. In addition, Bugbear opens up a "backdoor" on the computer through which an Internet attacker can sneak into the system, and records everything a user types in certain windows, such as those for entering passwords. It occasionally sends off the file containing the keystrokes to several e-mail addresses.

Bugbear borrows many pages from the playbook of another successful virus, Klez.h. That virus has been the most prevalent computer virus for the past 6 months, according to data from e-mail service provider MessageLabs.

Part of Bugbear's success is due to its use of its own e-mail engine to send infected messages. As a result, the messages it sends contain a random e-mail address in the header's "from" field. This camouflages, to some degree, the e-mail's source, which makes it that much more difficult to identify the infected computer that sent the message.

The tactic has been so effective that Bugbear created more than 200,000 e-mail messages seen by MessageLabs' gateway in the last 24 hours, far outpacing the almost 60,000 messages created by Klez.h.
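Because the "from" field is chosen by the sending program, a mail administrator tracing an infected machine relies on the Received header stamped by the organization's own gateway instead. The following is an added example, not part of the original article: it assumes a hypothetical relay inventory (`OUR_RELAYS`) and a constructed sample message, and returns the claimed sender alongside the IP address that actually connected to the gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed inventory of our own mail relays (hostname -> IP); hypothetical names.
OUR_RELAYS = {"mx1.corp.example": "10.0.0.5", "mailstore.corp.example": "10.0.0.6"}

# Constructed sample, not a real capture: newest Received header is on top.
SAMPLE = """\
Received: from mx1.corp.example (mx1.corp.example [10.0.0.5])
\tby mailstore.corp.example with ESMTP; Thu, 3 Oct 2002 10:15:02 -0700
Received: from smtp.isp.example (dsl-77.isp.example [203.0.113.77])
\tby mx1.corp.example with SMTP; Thu, 3 Oct 2002 10:15:00 -0700
Received: from mail.partner.example (mail.partner.example [192.0.2.1])
\tby smtp.isp.example with SMTP; Thu, 3 Oct 2002 10:14:00 -0700
From: "Alice" <alice@partner.example>
To: bob@corp.example
Subject: hello

body
"""

# from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\([^)]*\[([^\]]+)\]\)\s+by\s+([^\s;]+)")

def trace_sender(raw, relays=OUR_RELAYS):
    """Return the From address the message claims and the IP our gateway saw."""
    msg = message_from_string(raw)
    result = {"claimed_from": parseaddr(msg.get("From", ""))[1],
              "connecting_ip": None, "helo": None, "recorded_by": None}
    for header in msg.get_all("Received", []):      # newest hop first
        m = HOP.search(header)
        if not m:
            break                                   # unparseable: stop trusting
        helo, ip, by = m.groups()
        if by.lower() not in relays:
            break                # not stamped by us: sender-controlled from here down
        if ip in relays.values():
            continue                                # internal hand-off between our relays
        result.update(connecting_ip=ip, helo=helo, recorded_by=by.lower())
        break                                       # first outside client = boundary hop
    return result

if __name__ == "__main__":
    print(trace_sender(SAMPLE))
```

The lowest Received header in the sample is never consulted: anything below the hop recorded by our own gateway was supplied by the sender and carries no more weight than the "from" field.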
