Bugbear is making a comeback



A variant on the feared Bugbear worm has begun rapidly infecting computers worldwide after appearing in the US and Australia overnight

The new variant, Win32.Bugbear.B, has been discovered "in the wild" by several security firms, BullGuard included. Messagelabs, which runs outsourced email servers for 700,000 customers around the world, said it had filtered out 190 emails infected with the worm in 20 countries as of Thursday morning at 10 a.m. BST, but the number had risen to 1,654 in 56 countries by 11 a.m.

The virus is currently spreading faster than the first Bugbear worm ever did last autumn, creating about 320,000 infected messages in its first week. Like its predecessor, Bugbear.B is a mass-mailing virus that infects Windows PCs. After it infects a PC, the virus searches the machine for email addresses and sends a message out to each address, with a copy of itself attached.

More dangerously, the virus installs a keylogger that records what the user types -- a method of capturing passwords -- and a Trojan horse backdoor, communicating on port 1080, which allows an attacker to take control of the system.

Computer Associates expert Jakub Kaminsky predicted that Bugbear.B will spread widely over the next couple of days, before increased consumer awareness, anti-virus vendors updating their offerings and users subsequently installing new patches slowed its progress.