Sunner said that the virus's growing presence poses a new threat. Since Bugbear leaves a backdoor program on infected machines, there could now be thousands of computers around the world susceptible to further attacks.

"All a hacker has to do is point a browser at that machine and they can get at everything on the hard disk," Sunner said. "Because Bugbear has received so much publicity, all the hackers will be riding onto this. There is a plethora of machines up for grabs."

Such vulnerable machines can be used, for example, to overwhelm a company's servers in what is called a distributed denial-of-service attack.

Known technically as W32.Bugbear or I-Worm.Tanatos, the virus is now believed by experts to be a modified version of the earlier Badtrans worm. Besides installing the backdoor, the worm disables various antivirus measures and any personal firewall that might be present, and installs a program for recording keystrokes -- which can log any passwords the user types in. It scours the computer for email addresses, to which it sends infected messages via its own email engine.

The virus only affects Windows machines. A flaw in MIME (Multipurpose Internet Mail Extensions) lets a malicious program attached to an email message execute when the text of the message appears in Outlook. The software problem was patched by Microsoft almost 18 months ago, but some users apparently have not updated their computers. However, even with the patch, if a user clicks on the attachment he can still be infected.

Clever social engineering
One of the factors that has made Bugbear spread so quickly is the way it disguises infected messages. Besides the common method of sending a message with a randomly-selected heading and "From" field, the virus can also create a message as a reply or forward of an existing message.

"If you're receiving an old email from someone who you know, it's confusing, and you're likely to click on the attachment to find out what's going on," said Sunner. "It's a good social engineering trick."

The worm began infecting computers on Sunday, originating in the Asia-Pacific region, according to MessageLabs. That area is still its biggest concentration, and because the company has fewer customers in the region, there are probably many more uncounted viruses.

Security experts say that the biggest factor in the continuing danger from Bugbear, Klez.H and other worms is that users aren't bothering to update their virus protection -- and this is particularly true of home users.

Protection
Antivirus companies recommend that users download Microsoft's Outlook patch, update their antivirus programs and avoid clicking on mysterious attachments unless the sender confirms they are safe.

Eugene Kaspersky, head of Kaspersky Labs, recommends updating antivirus software weekly or daily, treating any email attachments with suspicion and paying attention to warnings from antivirus companies. "If you follow these rules, you will be 90 percent protected," he said in a recent interview with ZDNet UK.

For instructions on protecting your computer from Bugbear, see ZDNet UK's Help & HowTo: Bugbear. For antivirus vendor instructions, see Central Command, F-Secure, McAfee, Sophos and Symantec.

CNET News.com's Robert Lemos contributed to this report.





