Has anyone been hit by the BugBear virus ?

“There was an article on CNN.com about this virus. Some are worried that it has the potential to be much worse than some of the other recent viral pests. It also seems to have a bug of its own that prevents it from spreading quickly if I understand correctly. A friend of mine had the Klez virus and he is still cursing and swearing about it.”

“BugBear virus? Sounds like it escaped from one of Sarabelle's yarns.”

“I heard it's spread by replying to this post.

Ah Oh!”

“I thought this was going to be somehting about Buddha and the drugs....”

“This is one evil virus! It combines the normal malicious effects of some other viruses with a trojan(no, not the comdom!).”

“How do you get it? From touch or from being sneezed on?”

“Sniffing skeery woof bare's butt?”

“What a bunch of comediens! I didn't name the pesky thing, I'm just mentioning it. As Gear Slut says, it is supposed to be nasty, records keystrokes to get your passwords, etc. My online anti-virus software is sending me updates like twice a day, so they must be all twisted up about it.”

“I ignored this thread yesterday because I had never hear do f BugBear, but i just saw it on CNN.com as well.

All the usual advice applies:
- Don't open email with attachments
- Update your virus-checking software

etc.”

“My girl friend's office got hit by BugBear yesterday (I wouldn't have known the name if I hadn't seen this thread... so I was able to say "oh yeah,I heard it's pretty nasty"). She downloaded stuff from McAfee to take care of it (she manages their web site and does a lot of their 'puter stuff).”

“I haven't had the BugBear, but I had a toxic case of Strep Throat a while back. It was awful. LOL!”

“'Bugbear' worms in, opens doors to hackers
By Jeordan Legon (CNN)
Friday, October 4, 2002 Posted: 9:51 AM EDT (1351 GMT)






--------------------------------------------------------------------------------

Story Tools




--------------------------------------------------------------------------------


(CNN) -- The stealthy "Bugbear" worm continued on a ravenous digital path this week, prompting anti-virus firms to escalate warnings from moderate to high and leaving thousands of computers worldwide at the mercy of hackers.

While experts hoped the bug would be contained at its source in Malaysia on Monday, the virus rapidly made its way around the world as users in Asia, Europe, Canada and the United States fired up their computers to check e-mail. At least 120,000 people reported infections to British anti-virus firm MessageLabs by Friday. Thousands more logged attacks in Ireland, Australia, Canada and the United States.

The number of new cases reported daily is rivaling, and even exceeding, that of the better-known Klez virus, a similar bug that hit millions of computers this year.

"This is a global epidemic and it's not slowing down," said George Stagonis, a researcher for anti-virus company Central Command. Central Command received 5221 reports of new infections Thursday -- evenly split between the United States and Europe. The company booked an average of 4,000 daily Klez infections when that virus was at its height, Stagonis said.

"We don't think it's peaked yet because it's staying way ahead of people updating their anti-virus software," he said of the new culprit.

How does it work?
Bugbear, also known as Tanatos, doesn't destroy files like its viral cousins "Melissa," "Michelangelo" and "Iloveyou." Instead, it disables popular firewall and anti-virus protections and prepares a port that can receive instructions from remote users.

That is what makes the virus so dangerous, experts say. Hackers aware of this vulnerability will search for open ports on infected computers. Once found, attackers can access passwords, view or destroy data and get reports of keystrokes being entered – including credit card numbers and other sensitive information. All of this happens without the knowledge of the hacked computer owner or business.

Silent spread
When the virus first appeared, anti-virus gurus were unable to mirror the spread of the bug in their labs. Many thought Bugbear would remain a minor threat.

"We still haven't managed to replicate it in our labs, but obviously it's replicating," said Alex Shipp, a tech with MessageLabs. "One of the theories is that this requires an Internet connection in order to spread."

The virus spreads quickly by disguising infected messages as "replys" or "forwards" to an existing message. It targets known vulnerabilities in Windows systems and has no trouble moving through banks of networked office computers, said Vincent Weafer, of Symantec Security Response.

"Once it gets into a machine it will try to replicate itself from machine to machine," Weafer said.

Avoid infection
While the virus is difficult to spot, there are ways to avoid it.

The file can arrive in mails with varied subject headings, but almost always it has an attachment that is 50,668 bytes, Shipp said.

Also, computer owners should make certain that Internet Explorer's I-FRAME patch is installed, which prevents the bug from automatically downloading itself from an infected message. And they should update to new versions of Microsoft Outlook message program, which are less prone to infection.

The one bright spot in all of this, said Shipp, is that many people are updating their anti-virus software and making sure firewalls are up, which appears to be killing off the Klez virus.

The bad news is "this new one is just as bad, if not worse, than Klez," Shipp said”

“That's why i ALWAYS wear a condom.”

“Anything new on this?”

“Dunno, but I've been getting spam with overly large files, so I've been deleting all spam without opening it.”

“I haven't opened Maple's attachment file yet. I will when things settle down. I have frequently deleted emails from people that have very general subjects, if I don't know the person. I'm being paranoid but I have friends who have spent days cleaning up after the Klez.”

“I get very little email from friends and family, so unless I recognize the sender, or unless the subject is one I recognize, I usually delete it. If you're using Outlook Express to read your email, be sure and turn off the preview pane for the inbox. If you want to read the email without opening it, right click on the email, and select "Properties". One of the Properties windows will have a "View Message Source" button, and it will safely display the source of the message, in ASCII text only, in a small window. This can allow you to view the message text without opening any attachments, or having any embedded HTML interpreted.”

“The BugBear supposedly comes in monster attachements, I forget how many mb.”

“I thought that that was Klez, with 126 kb. I thought the BugBear was small, and didn't have to be in an attachment.”

“The computer geek we had in yesterday said he's been very busy this week cleaning up the mess from this one.

According to McAfee, possible subject lines include:

Found
150 FREE Bonus!
25 merchants and rising
Announcement
bad news
CALL FOR INFORMATION!
click on this!
Correction of errors
Cows
Daily Email Reminder
empty account
fantastic
free shipping!
Get 8 FREE issues - no risk!
Get a FREE gift!
Greets!
Hello!
history screen
hotmail.
I need help about script
Interesting
Introduction
its easy
Just a reminder
Lost
Market Update Report
Membership Confirmation
My eBay ads
New bonus in your cash account
New Contests
new reading
News
Payment notices
Please Help
Report
SCAM alert
Sponsors needed
Stats
Today Only
Tools For Your Online Business
update
various
Warning!
Your Gift
Your News Alert

I routinely delete those type of messages anyway.

For more info, see http://www.mcafee.com/anti-virus/viruses/bugbear/”

“From a story on CNN.com:

Avoid infection
While the virus is difficult to spot, there are ways to avoid it.

The file can arrive in mails with varied subject headings, but almost always it has an attachment that is 50,668 bytes, said Alex Shipp, a tech with MessageLabs.


Link to full story.”

“Yeah I get messages like those all the time. But once in a while I accidently open one. I hope that I didn't have an "accident" recently. I would hate to infect someone else. This computer is for the kids and has no personal stuff on it. But supposedly if you order online, and you have BugBear, someone can record your keystokes and get your credit card info.”

“Or your Trail Talk password!

=80”

“The CNN article talks about an I-Frame patch to internet explorer. Who needs that, people with old, old explorer, or is it a really new patch?”

“I'll give you my TrailTalk password. Just send me an email with your TrailTalk password in it!

:D”

“But my ISP has Declude which isolates it before it gets to me. The ISP sends me an e-mail telling me each time it has performed its most appreciated duty.”