For a complete write-up on the "Bugbear" virus from Symantec:    Check it out.
Install this little program (it's free) to protect yourself from Bugbear and other viruses:   MailWasher.
(It can delete unwanted e-mails directly from your ISP before Outlook Express downloads them.)

Friday, October 4, 2002

Malaysia disowns computer virus

KUALA LUMPUR, Malaysia (Reuters) -- Malaysian cyber detectives tracking a new computer worm that disables security software said there was no proof it came from Malaysia, as some reports suggest, or that it was being used for credit card fraud.
Anti-virus firms warned computer users on Monday that the 'Bugbear' worm opens up a backdoor in the computers and logs keystrokes.
A British-based technology news website,, reported earlier this week that the worm was first detected in Malaysia, and had the ability to steal password and credit card details.
The infamous "Love Bug" and "Nimda" worms both originated in the neighboring Philippines.
"We are analyzing the worm but we find no justification to the claim that it was discovered in Malaysia or may have even originated here," said Raja Azrina Raja Othman, deputy director of the government's National Information, Communications Technology Security and Emergency Response Center (NISER) on Friday.
She said there was also no evidence that the worm had been used by credit card fraudsters.
"There is a lot of credit card abuse already on the Net and it is not necessarily caused by worms," Raja Azrina told Reuters.
"The person who invented the Bugbear may have had that in mind but we don't see the worm exploiting that feature very much," she added.
Raja Azarina said initial investigations by NISER showed Bugbear was "easily spreading."
"We find it has very similar characteristics to the KLEZ," she said, referring to an earlier virus which sends e-mails with randomly named attachments and subject fields.
The Bugbear worm takes advantage of a known vulnerability in Microsoft Corp's Internet Explorer, said Vincent Gullotto, vice president of the anti-virus response team at Network Associates Inc.
It shuts down anti-virus and firewall software designed to block out intruders and can spread by dropping copies of itself into folders on shared networks, which are commonly used at corporations and large organizations, he said.
The worm, which was seen in the United Kingdom, Poland, Finland, India and the United States, seems to have leveled off, Gullotto said.
MessageLabs, a UK-based e-mail outsourcing provider, said that it had seen 1,200 copies of the worm and that the first copy it received was from Malaysia.

Saturday Oct 5 2002

Virulent e-mail bug lets hackers steal credit card details

By Marianne Brun-Rovet

A new e-mail virus that allows hackers to steal credit card numbers and online banking details has spread to more than 100 countries, computer security experts warned yesterday.
"Bugbear", which was first spotted on Sunday in Malaysia, has affected the Asia-Pacific region worst, closely followed by the UK, continental Europe and the US.
Avecho, an anti-virus and anti-spam service provider, said Bugbear was particularly dangerous because it targets small to medium-sized businesses as well as individuals.
"Its effects are designed specifically to steal money from the personal or small business e-mail user who buys items over the internet. Every home shopper is at risk of having their credit or debit card details taken."
Bugbear is what security experts call a "blended threat". It is one of the first viruses to use a combination of tactics to open files, install a key logger and mass e-mail itself to the recipients' address book all at once.
It can disable anti-virus and firewall programs designed to protect computers from attack. This means the virus has to be neutralised quickly: once it is in the system it is more difficult to stop. Bugbear can also install a "trojan" that will allow hackers remote access to compromised machines.
The main novelty in Bugbear is that it takes existing e-mails and adds an attachment to them, making it easier to fool users. Alex Shipp, anti-virus technologist at MessageLabs, an e-mail security company, warned that the e-mail could have more than 50 different catchlines, many of which seemed plausible.
MessageLabs has blocked more than 120,000 infected e-mails since Sunday and has warned the virus "has not shown any signs of slowing down".
Mark Sunner, chief technology officer, said: "There have been few new viruses in 2002, although levels of virus activity have never been higher. Bugbear proves that new viruses can still take e-mail users and anti-virus vendors by surprise."
The virus has hit as consumers become reliant on online shopping. Research published yesterday by Barclaycard showed consumers spent 2.3bn a year shopping on the internet when they get home from work.
A third of online shopping was conducted between the hours of 6pm and 9pm. A total of 44.8m was spent after the shops shut each week against 89.7m during the day.

04 October 2002

New virus 'Bugbear' hits computers worldwide

The first computer affected was reportedly in Malaysia, but computer experts said this does not mean the virus originated there.

Millions of computers worldwide have been infected this week by a fast-replicating virus called Bugbear and security experts warned on Friday that the threat was still accelerating.
Bugbear, known as a mass-mailing worm because it spreads itself through computer users' e-mails, was first identified by a security team in Sydney on Sunday.
Experts said Bugbear arrives disguised as attachments to e-mails, possibly labelled with the names of friends or colleagues, and then exploits the user's address book to replicate itself in new mails.
Since then it has spread worldwide, affecting millions of computers in Europe, the US and Asia, with Britain being the hardest hit followed by Australia and New Zealand.
Bugbear is what security experts call a "blended threat", carrying out multiple attacks once inside a computer.
It records users' keystrokes to capture passwords or credit card numbers, attaches itself to e-mails and copies itself onto computers.
The virus is also capable of disabling anti-virus and firewall programmes, can install a "trojan" that will allow hackers remote access to compromised machines.
The virus infects only computers operating on the Microsoft Windows operating system and uses the Microsoft Outlook e-mail programme.
One sign of the virus is that the size of the attachment is always 50,688 bytes, experts said.
The first computer affected was reportedly in Malaysia, but computer experts said this does not mean the virus originated there.

3 October 2002

Virus alert issued over BugBear

Computer users have been warned about a new virus which enables hackers to steal credit card numbers and online banking details.
The BugBear virus, which arrives as an e-mail, allows hackers to scan computers and access banking details and passwords which have been entered since the virus was received.
It was first seen on Sunday, but since then has spread rapidly to more than 100 countries.
Alex Shipp, senior anti-virus technologist at e-mail filtering firm MessageLabs, said so far about 40,000 of its customers had been sent an e-mail containing BugBear.
He warned that the virus was difficult to spot as the e-mail had more than 50 different catchlines, many of which seemed plausible, such as Market Update Report, Announcement, Scam Alert and Membership Confirmation.
One way of identifying it is looking at the size of the file attachment, which is usually 50,688 bytes, but some copies have been different sizes.
Mr Shipp said the virus not only enabled passwords and banking details to be accessed by the person who wrote it, but also by any hacker who knew about it.
BugBear can delete some anti-virus software, and also enables people to add or delete computer files.
So far MessageLabs has not heard of anybody who has had details stolen and used, but Mr Shipp said the writer had clearly designed the virus in a bid to steal money.
BugBear is thought to originate from Malaysia, where the first copy was sent from, and it is thought to be the third virus the hacker has written. Internet and telephone bank Intelligent Finance said so far none of its customers had been affected by BugBear.