22/10/2002 - 22:00

Bugbear a misnomer

22/10/2002 - 22:00


Upgrade your subscription to use this feature.

LOCAL business should keep an eye out for a network-aware virus called Bugbear, which is the subject of considerable concern worldwide at the moment.

Bugbear a misnomer
LOCAL business should keep an eye out for a network-aware virus called Bugbear, which is the subject of considerable concern worldwide at the moment.

Although Bugbear is commonly referred to as a virus, it is more accurately described as a worm. A worm is a malicious program that can make copies of itself and send them to unsuspecting recipients via a computer network or the Internet. Bugbear initially spreads itself in email attachments. When these attachments are opened, the worm copies its files into the startup and system folders of the victim machine. The network to which the victim PC is attached is then used by the worm to place copies of itself onto other machines.

Once active, the executable files installed by the worm are able to carry out a number of functions. These include the capture of system and user information including keystrokes, the termination of security and anti-virus software and the establishment of a ‘backdoor’ into the network for the purposes of remote control. These present considerable dangers to infected organisations as the of critical information and vulnerability to further intrusions become likely.

Of particular note is the worm’s ability to exploit vulnerabilities within Microsoft Outlook, Outlook Express and Internet Explorer. These allow email attachments in which Bugbear resides to open automatically, negating the recipient’s opportunity to delete them.

As indicated in an alert posted on October 1 2002 by Australia’s national Computer Emergency Response Team (AusCERT): “... this virus requires no user interaction for its execution from an infected email, the risk of propagation is great for sites where the original vulnerability has not been patched.”

Neesa Dann, principal of West Australian data security solutions provider Computer Security Systems, said Bugbear was the most reported virus infection in several years, having arrived on many computers in WA.

She said Bugbear posed several major threats to the continuity of critical business operations.

“Firstly, Bugbear tends to mass mail itself, which often results in the clogging up of email gateways and servers,” Ms Dann said. “Secondly, a successful Bugbear attack can render some computer programs useless.”

Perhaps of most concern to local business organisations is Bugbear’s ability to capture data and spirit it out of a network.

“Attacks can also result in the theft of credit card banking account numbers and other sensitive data such as personal information,” Ms Dann said.

“This can lead to multiple consequences, including being in breach of the recently enacted privacy amendments in the Privacy Act 1988.”

She said some typical examples of a Bugbear infection included the inability to start Windows when a computer was turned on, the shutting down of security software, an inability to delete infected messages and printer dysfunction.

“Computer users must understand that a good anti-virus scanner should be supplemented with the regular free Windows security patches available from the Microsoft website.” Ms Dann said.

“An easy way to get these free Microsoft upgrades is to connect your computer to the Internet, click the start button in the lower left corner of monitor screen, click Windows Update and follow the on-screen directions.”

She said that, at the time of Bugbear’s release onto the Internet, many businesses did not have the free Microsoft critical update to prevent Bugbear self-installing onto their computer.

It is important for local business to note that Bugbear is just one of thousands of viruses that exist on the Internet at any point in time.

Ms Dann indicated that of the most serious viruses currently of concern 'in-the-wild', many in particular specifically target computer networks using Microsoft operating systems such as Windows 98, Windows NT, Windows 2000 and Windows XP.

So what can be done to defend against Bugbear and the spate of other viruses doing the rounds at the present time? Ms Dann suggested that the main priority for local business was the fortification of perimeter and internal defences to the point where malicious programs were no longer a threat.

“The minimal requirement to meet this objective is to install a high performance anti-virus protection program,” she said.

“Most business are too busy to worry about chasing upgrades for their anti-virus program, so operational features should include real-time scanning with continuous protection, detection for known and unknown viruses, blocking of unauthorised executables, rejection of common junk emails and upgrades via the Internet.”

Perhaps even more importantly was the development of an IT security awareness culture within organisations.

“With the threat of cyberterrorism and the introduction of new privacy legislation, which came into effect on December 21 2001, it is essential that local businesses have effective security for data storage and transmission,” Ms Dann said.

Wise words indeed.


Subscription Options