Bugbear.B Worm Targets the Banking Sector; Bugbear.A Was the Most Widespread Virus in 2002.

Business Editors/High-Tech Writers

HELSINKI, Finland--(BUSINESS WIRE)--June 5, 2003

F-Secure is warning the computer users of a worm known as Bugbear.B. This worm was first seen on Thusday morning, June 5th, 2003. It is a new variant of the Bugbear.A e-mail worm (also known as Tanatos) that was found on Monday, September 30, 2002. Bugbear.A was the most common and widespread virus in 2002.

The most alerting capacity of this worm is that it includes a large list of domains belonging mostly to banks. The worm checks if an infected computer is in one of these domains, and makes changes to the system in these computers.

"The list of bank domains that the worm has, includes banks from all over the world; Europe, US, Asia and Africa," says Mikael Albrecht, Product Manager of F-Secure. "Bugbear.B changes system settings if activated in one of these banks. The purpose of these actions is still unknown. They may be part of a malicious scenario but we can't confirm that yet," he continues.

Bugbear.B is a very complex polymorphic virus A virus that changes its binary code each time it infects a new file. Without an identifiable pattern to match, it is extremely difficult to discover under normal methods. Also called a "stealth virus," one way to detect it is by its actions (see behavior blocking). See virus. that spreads through both email and network shares. The worm sends e-mails with various contents. It uses a known vulnerability A bug in software that has been identified. It typically refers to bugs that have been used for malicious purposes. For example, bugs in Web server, Web browser and e-mail client software are widely exploited by attackers. to execute the attachment automatically when the e-mail is opened.

"This virus is tricky, it contains many different techniques. It has UPX UPX Ultimate Packer for eXecutables
UPX Ulead Photo Express compression, encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. with random keys, backdoors, key-logging, retro-functionality, aggressive mass-mailing and network worm capabilities," explains Mikael Albrecht. "The network worm capabilities may be dangerous to large organisations. It may cause very fast outbreaks if this virus manages to get inside the firewall."

More information on the Bugbear.B virus is available online at http://www.f-secure.com/v-descs/bugbear_b.shtml. The page includes technical descriptions and images.

F-Secure Anti-Virus can detect, and stop the Bugbear.B worm. F-Secure Anti-Virus can be downloaded from http://www.f-secure.com.

About F-Secure

F-Secure Corporation is the leading provider of centrally managed security solutions for the mobile enterprise. The company's award-winning products include antivirus, file encryption and network security solutions for major platforms from desktops to servers and from laptops to handhelds. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges Helsinki Exchanges (HEX)

The Helsinki Exchanges (HEX Ltd., Helsinki Securities and Derivatives Exchange and Clearing House) was formed at the beginning of 1998 following the merger of the Helsinki Stock Exchange Ltd. and SOM Ltd. since November 1999. The company is headquartered in Helsinki, Finland, with the North American North American

named after North America.

North American blastomycosis
see North American blastomycosis.

North American cattle tick
see boophilusannulatus. headquarters in San Jose, California San Jose (IPA: /ˌsænhoʊˈzeɪ/) is the third-largest city in California, and the tenth-largest in the United States. It is the county seat of Santa Clara County. , as well as offices in Germany, Sweden, Japan and the United Kingdom and regional offices in the USA. F-Secure is supported by a network of value added resellers See VAR.

(company) value added reseller - (VAR, or "value added retailer") A company which sells something (e.g. computers) made by another company (an OEM) with extra components added (e.g. specialist software). and distributors in over 90 countries around the globe. Through licensing and distribution agreements, the company's security applications are available for the products of the leading handheld equipment manufacturers, such as Nokia and HP.

COPYRIGHT 2003 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Geographic Code:	4EUFI
Date:	Jun 5, 2003
Words:	446
Previous Article:	Chase to Stay in Auto Leasing Business in Connecticut Following State Legislature's Passage of Law Limiting Lessor Liability.
Next Article:	Computrition joins The CHIPS Network as an Associate Vendor.
Topics:	Computer software industry Software industry

Related Articles
2001 anti virus review: Kaspersky Labs presents a year-end review of events taking place in anti-virus safety. (Security).
Klez worm most prolific virus of year. (Virus Notes).
Top ten viruses and hoaxes in November 2002, Sophos. (Virus Notes).
Top ten viruses reported to Sophos in February. (Virus Notes).(Brief Article)
Top ten viruses--March 2003. (Security).(Brief Article)
Kaspersky virus top twenty March 2003. (Security).(Brief Article)
Security Conference 2004 to Address Threats and IT Solutions in Dublin and London.(Computer & Internet Crime)(Brief Article)
Sophos warns against panic as worm attacks CNN, Financial Times and New York Times.(Security News)
New virus diguised as Saddam Hussein death.(Security)
How computer viruses work.(SECURITY)