A new mass-mailing virus hit the Internet Monday, and unlike many others of its ilk, carries with it a payload that could do quite a bit of damage to vulnerable networks. Called Bugbear, the virus installs a Trojan on infected machines that is capable of logging users keystrokes, which could include passwords and other sensitive information.
The virus arrives in an e-mail with a random subject line and a randomly named attachment. The attachment, written in Microsoft Corp.s Visual C, is compressed and often contains a double file extension. Once it infects a computer, the virus mails itself to addresses found on the local machine and then tries to spread through network shares, according to an advisory from McAfee Security, a division of Network Associates Inc., in Santa Clara, Calif.
Bugbear takes advantage of a flaw in Internet Explorer that can force the browser to automatically open an executable attachment in some HTML e-mail messages.
In addition to logging keystrokes, the Trojan program searches for and tries to disable a number of common Windows processes. It also disables popular anti-virus and firewall software and opens a TCP port that listens for instructions from remote machines. The combination of the these modifications to an infected machine could not only give a remote attacker access to sensitive data such as passwords but could also enable him to control any number of compromised PCs.
Message Labs Ltd., a managed service provider in Gloucester, England, that tracks virus activity, said it has seen more than 1,200 copies of the virus since it was spotted on Monday. McAfee has rated the virus as a medium risk for both business and home users.
- VPN Flaw Could Clear Way for Hackers
- Team Cracks RSA Encryption Challenge