Virus Could Prove Real Bugbear for Networks
New mass-mailing virus, dubbed Bugbear, could do quite a bit of damage to vulnerable networks.

A new mass-mailing virus hit the Internet Monday, and unlike many others of its ilk, carries with it a payload that could do quite a bit of damage to vulnerable networks. Called Bugbear, the virus installs a Trojan on infected machines that is capable of logging users' keystrokes, which could include passwords and other sensitive information.

The virus arrives in an e-mail with a random subject line and a randomly named attachment. The attachment, written in Microsoft Corp.'s Visual C, is compressed and often contains a double file extension. Once it infects a computer, the virus mails itself to addresses found on the local machine and then tries to spread through network shares, according to an advisory from McAfee Security, a division of Network Associates Inc., in Santa Clara, Calif. Bugbear takes advantage of a flaw in Internet Explorer that can force the browser to automatically open an executable attachment in some HTML e-mail messages.

In addition to logging keystrokes, the Trojan program searches for and tries to disable a number of common Windows processes. It also disables popular anti-virus and firewall software and opens a TCP port that listens for instructions from remote machines. The combination of these modifications to an infected machine could not only give a remote attacker access to sensitive data such as passwords but could also enable him to control any number of compromised PCs.
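
For mail administrators, the double file extension mentioned above is something a gateway can check for. The following is an added example, not code from the article or from McAfee's advisory: it parses a message and flags attachments whose final extension is executable. The extension sets and the sample message are assumptions constructed for the illustration, since the article names no specific extensions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly executable on Windows (adjust to local policy).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
# Assumption: harmless-looking extensions commonly used as the decoy before the real one.
DECOY_EXTS = {".txt", ".doc", ".xls", ".jpg", ".gif", ".pdf", ".htm", ".html", ".mp3"}


def classify_filename(name):
    """Return 'double-extension', 'executable', or None for an attachment name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots/spaces, and space padding can hide the real suffix.
    parts = [p.strip().lower() for p in base.rstrip(". ").split(".")]
    exts = ["." + p for p in parts[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Parse a raw message and return [(filename, verdict)] for risky attachments."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # handles encoded (RFC 2231/2047) names
        verdict = classify_filename(filename) if filename else None
        if verdict:
            findings.append((filename, verdict))
    return findings


def build_sample():
    """Constructed sample message: one benign attachment, one double-extension name."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Sample body text.")
    for name in ("notes.txt", "card.jpg.scr"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"quarantine: {filename!r} ({verdict})")
```
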