[ISN] Feds escape Bugbear bite

From: InfoSec News (isnat_private)
Date: Sun Jun 08 2003 - 23:56:17 PDT


    http://www.fcw.com/fcw/articles/2003/0602/web-virus-06-06-03.asp
    
    By Rutrell Yasin 
    June 6, 2003
    
    The variant of the Bugbear computer worm that started to spread
    throughout the Internet on June 5 doesn't appear to have adversely
    impacted federal agencies, according to initial reports from
    cybersecurity experts.
    
    Hit by a wave of fast-spreading, Internet-borne viruses over the past
    few years, agencies, like many corporations, have moved to shore up
    virus protection and cyberdefenses, agency security officers and
    security experts noted.
    
    Bugbear is an Internet mass-mailing worm. Once activated on a
    computer, the worm e-mails itself to addresses found on the local
    system. The sender address in a message can be spoofed, or forged, and
    so is not a direct indication of an infected user. Bugbear spreads
    using network shares and by mailing itself using the default Simple
    Mail Transfer Protocol engine. Users will know that they have been
    infected by the presence of a non-standard .EXE file in the startup
    folder, virus experts said.
    
    "We have not seen any of our government customers infected," said
    Peter Stapleton, product marketing manager at NetSec Inc., which
    provides security services for nine cabinet-level departments
    including the departments of Agriculture, Justice and the Treasury.
    
    "We've advised all of our clients they should not allow executable
    files through the e-mail server," Stapleton said.
    
    Blocking executable content at the e-mail gateway has become a
    standard policy of many agencies over the past two to three years,
    said Jimmy Kuo, a member of Network Associates Inc.'s AntiVirus
    Emergency Response Team (AVERT). As a result, Network Associates'
    government clients, such as the Defense Information Systems Agency and
    the Department of Veterans Affairs, weren't infected with the Bugbear
    variant.
    
    Veterans Affairs cybersecurity chief Bruce Brody confirmed Kuo's
    claims, noting that Bugbear's impact was "negligible." He added, "Our
    antivirus defenses are robust."
    
    The Department of Defense also viewed Bugbear as a low-level threat.  
    "The Joint Task Force-Computer Network Operations, in coordination
    with the Department of Defense Computer Emergency Virus Response Team,
    assesses viruses and their potential impact to DOD systems," according
    to a JTF-CNO spokesman in a statement e-mailed to FCW. The DOD works
    closely with industry partners and virus protection vendors to ensure
    that the agency stays up to date on antivirus signatures and that they
    are deployed across DOD's global information network. "Because we
    continuously and rapidly take such proactive measures, the JTF-CNO and
    the DOD CERT have assessed the impact of the named viruses as low
    threat and note no significant impact to date," the DOD spokesman
    said.
    
    The Bugbear variant was still spreading through the Internet on
    Friday, prompting virus protection teams at Network Associates and
    Symantec Corp. to classify the worm as a high risk.
    
    Symantec Security Response analysts had tracked 1,002 submissions of
    the variant, known as W32.Bugbear.B, by Friday, said Vincent Weafer,
    senior director of Symantec Security Response. Symantec analysts don't
    think the worm's spread has peaked yet. By comparison, the original
    Bugbear worm was discovered on Sept. 30, 2002 and peaked in its fifth
    day with 6,888 submissions.
    
    Dan Caterinicchia and Judi Hasson contributed to this story.
    
    
    