Virus Alert

[Jay]

Taken from the BBC news site:

"Virus makes unwelcome return
People are being warned to be wary of a new variant of a Windows virus that wrought havoc last year.
Bugbear was one of the most virulent viruses of 2002 and has now returned in a new guise.

The variant is packed with a variety of malicious programs that help the virus spread, steal confidential information, hide its origins and disable security software.

PC owners are being advised to update their anti-virus software and be suspicious of e-mail messages they were not expecting.

"Not only can Bugbear leach confidential information from an infected machine, but it may also leave a backdoor wide open for hackers to take control of the machine and misappropriate passwords, credit card details or for some other nefarious purpose," said Paul Wood, Chief Information Analyst at MessageLabs.

Lethal package

The new B variant of the Bugbear shares some characteristics of its ancestor as it is designed to exploit vulnerabilities in Windows PCs.

Like many other viruses it exploits loopholes in the popular Outlook e-mail program to infect machines.


BUGBEAR SUBJECT LINES
Greets!
Your Gift
Your News Alert
free shipping!
Membership Confirmation
update
history screen
bad news
I need help about script!!!
Stats
The virus itself arrives as an attachment but uses a lot of different names for the payload to make it harder to spot.
To lend itself credibility the virus uses document names stolen from the PC the virus came from.

However, because it uses a double suffix on the attachment filename, many anti-virus programs should be able to pick it out.

When it reaches a new victim, the virus searches for addresses to despatch itself to and also picks a random e-mail address for the 'from' line to cover its tracks. This also makes it difficult for someone to find out who has sent them the virus.

The virus also tries to spread by copying itself to any hard drives shared with infected machines.

Sometimes this results in network connected printers spewing out page after page of garbage.

In an attempt to stop itself being found and deleted, Bugbear.B looks for copies of well-known anti-virus packages and tries to turn them off.

Bugbear.B also tries to install a key logging program that records which keys a person presses.

Finally, the virus opens up a backdoor to the net that could let its creator take control of any infected machine.

In an attempt to avoid being spotted by anti-virus programs that look for particular signatures, Bugbear.B appears to have the ability to reformat itself as it travels to new hosts.

Anti-virus firms say they have received a few thousand copies of the virus which has now infected machines in more than 20 countries. "

[abucksdiver]

<font color='#000080'>For more detailed information on this Virus, check:
McAfee Virus Information Library - W32/Bugbear.b@mm

The best defense is to have updated AV software running.

abucksdiver

[Adrian Kelland]

Quote:

Originally Posted by [b

Quote[/b] (abucksdiver @ June 06 2003,08:56)]For more detailed information on this Virus, check:
McAfee Virus Information Library - W32/Bugbear.b@mm

The best defense is to have updated AV software running.

abucksdiver

Or don't use MS Lookout ;-)

[Dominic]

Or just stop using s#1tty M$ products altogether..

Only a few more weeks before I can format my hard drive and install Linux at last...

[Dr Stevil]

<font color='#0000FF'>I've you've got Broadband access (Which I'm guessing you do) you can download the Knoppix version of Linux which will run from your CDROM See here for a pc forum discussion of its merits. I've had a whirl with it but don't have as much time or expertise to get enough out of it, fully intend to build a seperate Linux only 'puta at some point (I know you can dual-boot but I've heard about some major problems with that)
Chee-az
steve

[CotoChris]

<font color='#0000FF'>Been receiving dodgy e-mails recently with '.scr' attachments, does anyone know what these are? (I'm curious as I delete all questionable e-mails). Its unreal how fast these viruses can spread.

[Jay]

Many virus' use the .scr extension or even another extension + scr (e.g. 'anyfile.exe.scr'). If in doubt, bin 'em without opening them. (The .scr extension also is also legitimately used for screensavers)

[lamda]

The import dbx file and dbx file recovery has prompted you a path of the Outlook Express files' storage. And now save the damaged dbx files in the safe folder, they can be useful.