[ISN] E-Mail Worm Continues to Spread

From: InfoSec News (isnat_private)
Date: Mon Oct 07 2002 - 01:37:44 PDT

  • Next message: InfoSec News: "[ISN] Hackware Author Arrested -- Maybe"

    The Associated Press
    Sunday, October 6, 2002
    NEW YORK -- An e-mail-borne computer virus that lets hackers control
    infected machines remotely continues to spread and constitutes the
    most severe attack this year, experts say.
    The worm, known as W32.Bugbear, or I-Worm.Tanatos, infects computers
    that use Microsoft's Windows operating systems. It was first spotted a
    week ago and has spread to dozens of countries.
    Once a machine is infected, a hacker could steal and delete
    information from it.
    Some subject lines for the e-mail are "bad news," "Membership
    Confirmation," "Market Update Report," and "Your Gift."
    The worm replicates itself through a Windows machine's e-mail address
    book and can attach itself to previously sent e-mail messages.
    The worm can also spread through network systems and has
    keystroke-logging and backdoor capabilities that allow hackers to
    intercept passwords and gain access to computers over the Internet.
    It also attempts to terminate various antivirus and firewall programs,
    according to Symantec Corp., which has posted a downloadable repair on
    its Web site. Symantec has rated Bugbear a severe threat.
    Bugbear is currently the worst computer security outbreak globally,
    Mikko Hypponen, manager of anti-virus research at F-Secure Corp. in
    Helsinki, Finland, said in an e-mail to The Associated Press.
    F-Secure also has posted a fix on its Web site.
    The worm is expected to last well into next year because many
    consumers will not realize their computer is infected, Hypponen said.
    Microsoft issued a patch last year, Security Bulletin MS01-027. But
    many users to do not keep their machines current with patches.
    On the Net:
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Oct 07 2002 - 04:32:27 PDT