Bugbear Virus Still Running Wild | eWeek

Bugbear Virus Still Running Wild

Écrit par
Dennis Fisher
Dennis Fisher
Oct 2, 2002
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Three days after its appearance, the Bugbear virus is still gaining momentum and has passed the venerable Klez virus as the most active in the past 24 hours.

One company that tracks viruses, Message Labs Ltd., said it has seen more than 21,000 copies of Bugbear in the last day, nearly twice the number of Klez-infected messages its seen during the same period. Klez, however, is still by far the most active virus of the month and year so far.

Bugbear first hit the Internet late Sunday and has been spreading steadily ever since. In fact, F-Secure Corp., a Finnish anti-virus company, on Wednesday upgraded its alert level on Bugbear to Level 1, which is reserved for epidemic-level viruses such as Loveletter and Nimda.

Symantec Corp. has also upgraded Bugbear to a Level 4 threat, with Level 5 being the most serious. The company made the move after seeing a huge jump in the number of submissions from its customers. As of Tuesday morning, Symantec had a total 157 submissions of the virus from consumers. Wednesday morning, Symantec Security Response had 2,039 submissions from consumers.

The virus arrives in an e-mail with a random subject line and a randomly named attachment. The attachment, written in Microsoft Corp.s Visual C, is compressed and often contains a double file extension. Once it infects a computer, the virus mails itself to addresses found on the local machine and then tries to spread through network shares, according to an advisory from McAfee Security, a division of Network Associates Inc., in Santa Clara, Calif.

Bugbear takes advantage of a flaw in Internet Explorer that can force the browser to automatically open an executable attachment in some HTML e-mail messages.

In addition to logging keystrokes, the Trojan program searches for and tries to disable a number of common Windows processes. It also disables popular anti-virus and firewall software and opens a TCP port that listens for instructions from remote machines. The combination of these modifications to an infected machine not only could give a remote attacker access to sensitive data such as passwords but could also enable him to control any number of compromised PCs.

For instructions on how to find out whether youve been infected by Bugbear or to remove it, see: www.mcafee.com/anti-virus/viruses/bugbear/. The patch from Microsoft Corp. for the Internet Explorer vulnerability is available here.

(Editors Note: This story has been updated since its original posting to include figures from Symantec.)

Related Stories:

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.