Bugbear worm - an update

The Bugbear email worm gained a greater foothold in unpatched Windows PCs on Tuesday, spurring anti-virus companies to upgrade their estimate of the virus' danger.

Known in full as W32.Bugbear or I-Worm.Tanatos, the mass-mailing computer virus started infecting computers via email on Sunday. On Tuesday, it accounted for nearly 11,000 infected email messages intercepted by email service provider MessageLabs' gateway servers. That placed it second to Klez.h, which accounted for about 14,000 email messages.

"It is so hard to stay up with all the patches," said John Harrington, marketing director for MessageLabs.
The Bugbear virus infects computers running the Windows operating system and an unpatched version of Internet Explorer 5.5, according to an advisory posted by security company Symantec. A flaw in MIME (the multipurpose Internet mail extensions) lets a malicious program attached to an email message execute when the text of the message appears in Outlook.

The software problem was patched by Microsoft almost 18 months ago, but some users apparently have not updated their computers.

Once running, Bugbear searches a PC for email addresses and uses its own email engine to send off infected messages to each address listed. In addition, it uses random email addresses in the "from" field of the header to camouflage where the infected message is coming from.

The virus also attempts to shut down a host of security programs and antivirus measures, including many personal firewall programs and most popular antivirus scanning engines.

Lastly, Bugbear sends off an encrypted file with information about the computer to a predefined email address and opens a backdoor for network attackers to use to sneak into the system.

Symantec upgraded the threat rating of the virus to a "3" on Tuesday from a "2" on Monday, with the most severe rating being a "5." The rating measures various factors including the destructiveness of a virus and how fast and how far the virus has spread.

To prevent infection, Windows users should download the Microsoft patch, update their antivirus software and refrain from opening an attachment unless the sender confirms he or she sent it.

Robert Lemos writes for News.com