- CNET NETWORKS UK BUSINESS SITES:
- atlarge.com
- BNET UK
- silicon.com
- SmartPlanet.com
- ZDNet.co.uk
To print: Click here or Select File and then Print from your browser's menu
This story was printed from silicon.com, located at http://www.silicon.com/
Story URL: http://software.silicon.com/security/0,39024655,10004519,00.htm
Virus warning: Now it's Bugbear making a comeback
Return of another worm...
By Will Sturgeon
Published: Thursday 05 June 2003
In the week which saw the return of the latest variant Sobig, virus users are being warned of another worm which is on the comeback trail - Bugbear.
Major anti-virus vendors are already issuing high level warnings about Bugbear.B which has been detected spreading in the wild.
And if the impact of the Bugbear forebear is anything to go by, users would be well advised to be on the look out.
Computer Associates, F-Secure, MessageLabs and Sophos have all issued serious warnings relating to Bugbear.B which is also going by the name Kimjo (W32/Kimjo.A-mm) in some reports.
Other details are sketchy at the moment but the worm is a mass-mailer which will infect a user's PC and detect any email addresses stored on the machine. It will then use these email addresses to propagate itself, by means of forwarding to all addresses found.
In keeping with a number of other recent viruses it will also attempt to disable any anti-virus software on the machine.
A consistent selection of subject lines has not been established and it is thought the senders address is most likely spoofed by the morphing mass-mailer, but the extensions are so far the tell tale sign. All are a double extension - often purporting to be something relatively innocuous such as .doc.
As ever, caution is advised when opening any attachment. The attachment bearing Bugbear.B arrives as a .exe, .pif or .scr file. But may appear for example as document.doc.exe - in attempt to dupe users into thinking it is a Word file.
Users are advised not to open any files with these extensions that arrive over email unless they can vouch for the source and the contents.
silicon.com will bring you more detailed information as and when it becomes available.
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
