Skip to main content
CNN Europe CNN Asia
On CNN TV Transcripts Headline News CNN International About Preferences
powered by Yahoo!

'Bugbear' spread slows; threat remains

By Jeordan Legon

   Story Tools


(CNN) -- The spread of the "Bugbear" worm appeared to be slowing, but it still is on track to be the most prolific e-mail virus to date, experts said.

The virus was not causing immediate problems for most computer users, because its purpose appeared to be to open communication ports on infected systems and to replicate itself, not to destroy files. But experts warned that hackers eventually could cause major problems for computer owners by finding their way in through the opened ports to steal or destroy data.

"It appears to be designed by someone who intended to steal credit card info or other data," said George Stagonis, a researcher for anti-virus company Central Command.

While experts hoped the bug would be contained at its source in Malaysia, the virus rapidly made its way around the world as users in Asia, Europe, Canada and the United States fired up their computers to check e-mail. At least 120,000 people reported infections to British anti-virus firm MessageLabs the first week. Thousands more logged attacks in Ireland, Australia, Canada and the United States.

The number of new cases reported daily rivaled, and even exceeded, that of the better-known Klez virus, a similar bug that hit millions of computers this year.

What makes the virus dangerous?

Bugbear, also known as Tanatos, doesn't destroy files like its viral cousins "Melissa," "Michelangelo" and "Iloveyou." Instead, it disables popular firewall and anti-virus protections and prepares a port that can receive instructions from remote users.

Hackers aware of this vulnerability can search for open ports on infected computers, experts say, to access passwords, view or destroy data and get reports of keystrokes being entered. All of this happens without the knowledge of the hacked computer owner or business.

Silent spread

When the virus first appeared Sept. 30, anti-virus gurus were unable to mirror the spread of the bug in their labs. Many thought Bugbear would remain a minor threat.

The virus spreads quickly by disguising infected messages as "replys" or "forwards" to an existing message. It targets known vulnerabilities in Windows systems and has no trouble moving through banks of networked office computers, said Vincent Weafer, of Symantec Security Response.

"Once it gets into a machine it will try to replicate itself from machine to machine," Weafer said.

The virus also can spread to printers, prompting them to spew piles of printed code.

Avoid infection

While the virus is difficult to spot, there are ways to avoid it.

The file can arrive in mails with varied subject headings, but almost always it has an attachment that is 50,668 bytes, said Alex Shipp, a tech with MessageLabs.

Also, computer owners should make certain that Internet Explorer's I-FRAME patch is installed, which prevents the bug from automatically downloading itself from an infected message. And they should update to new versions of Microsoft Outlook message program, which are less prone to infection.

The one bright spot in all of this, said Shipp, is that many people are updating their anti-virus software and making sure firewalls are up, which appears to be killing off the Klez virus.

Story Tools

Top Stories
Burgers, lattes and CD burners
Top Stories
CNN/Money: Security alert issued for 40 million credit cards
© 2004 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.
external link
All external sites will open in a new browser. does not endorse external sites.