posted 10-04-2002 01:53 PM
While experts hoped the bug would be contained at its source in Malaysia on Monday, the virus rapidly made its way around the world as users in Asia, Europe, Canada and the United States fired up their computers to check e-mail. At least 120,000 people reported infections to British anti-virus firm MessageLabs by Friday. Thousands more logged attacks in Ireland, Australia, Canada and the United States. The number of new cases reported daily is rivaling, and even exceeding, that of the better-known Klez virus, a similar bug that hit millions of computers this year.
"This is a global epidemic and it's not slowing down," said George Stagonis, a researcher for anti-virus company Central Command. Central Command received 5221 reports of new infections Thursday -- evenly split between the United States and Europe. The company booked an average of 4,000 daily Klez infections when that virus was at its height, Stagonis said.
"We don't think it's peaked yet because it's staying way ahead of people updating their anti-virus software," he said of the new culprit.
How does it work?
Bugbear, also known as Tanatos, doesn't destroy files like its viral cousins "Melissa," "Michelangelo" and "Iloveyou." Instead, it disables popular firewall and anti-virus protections and prepares a port that can receive instructions from remote users.
That is what makes the virus so dangerous, experts say. Hackers aware of this vulnerability will search for open ports on infected computers. Once found, attackers can access passwords, view or destroy data and get reports of keystrokes being entered – including credit card numbers and other sensitive information. All of this happens without the knowledge of the hacked computer owner or business.
Silent spread
When the virus first appeared, anti-virus gurus were unable to mirror the spread of the bug in their labs. Many thought Bugbear would remain a minor threat.
"We still haven't managed to replicate it in our labs, but obviously it's replicating," said Alex Shipp, a tech with MessageLabs. "One of the theories is that this requires an Internet connection in order to spread."
The virus spreads quickly by disguising infected messages as "replys" or "forwards" to an existing message. It targets known vulnerabilities in Windows systems and has no trouble moving through banks of networked office computers, said Vincent Weafer, of Symantec Security Response.
"Once it gets into a machine it will try to replicate itself from machine to machine," Weafer said.
Avoid infection
While the virus is difficult to spot, there are ways to avoid it.
The file can arrive in mails with varied subject headings, but almost always it has an attachment that is 50,668 bytes, Shipp said.
Also, computer owners should make certain that Internet Explorer's I-FRAME patch is installed, which prevents the bug from automatically downloading itself from an infected message. And they should update to new versions of Microsoft Outlook message program, which are less prone to infection.
The one bright spot in all of this, said Shipp, is that many people are updating their anti-virus software and making sure firewalls are up, which appears to be killing off the Klez virus.
The bad news is "this new one is just as bad, if not worse, than Klez," Shipp said.
Chemtrail Central Forum
UBBFriend: Email This Page to Someone! 
posted 10-04-2002 01:53 PM
