Bugbear Windows Virus Making the Rounds
lysurgon writes "CNN.com is reporting that the "BugBear" virus (Windows/Outlook only) is spreading quickly. Unlike ILoveYou-type viri, instead of deleting files or just propagating itself, this animal disables firewall software and opens a port to receive remote commands. The article doesn't draw this conclusion, but this effectively sets up slave machines for DDoS uses. Also worth noting is the puzzlement of anti-virus guys as to why they haven't been able to make the virus spread in the lab. "One of the theories is that this requires an Internet connection in order to spread." Gee, you don't say?"
It's pretty impressive that this virus disables anti-virus software, and covers quite a large list of AV/Firewall programs.
tech details
Have any other virii in the past done this, or is this a first?
www.christopherlewis.com
Unfortunately, people who use MSN as their ISP are forced to use MS LookOut as their e-mail client because the SMTP servers require "Secure Password Authentication" support, and none of the clients you have listed support it.
Score one for vendor lock-in!
Nathan
I agree.
...
People seem to dislike this attitude, but it's true. Why should anyone deserve sympathy for driving a car that's already rolled over 3 times?
Eventually it's up to the user to practice safe computing.
"Old man yells at systemd"
The vulnerability that this exploits in Outlook and Outlook Express has been patched since March 29, 2001.
If you run Apache and haven't patched since March 2001, you're vulnerable.
If you run OpenSSL and haven't patched since March 2001, you're vulnerable.
If you run WU-FTPd, Sendmail, or any other numerous programs with vulnerabilities and haven't patched since March 2001, you're vulnerable.
At this point, there is no one left to blame but people who simply never update their computers. It's the same g&^damn hole that this exploits every single time, folks. Outlook 2000's patch has been out for well over a year. Outlook XP doesn't even HAVE this vulnerability!
Stop whining about what programs other people choose to run, and encourage them to learn how to patch their systems. No matter what OS you run, patching it is going to be important. Windows XP, Mac OS X, Debian, and Red Hat all make it incredibly easy to patch your system. People spreading this crap around no longer have an excuse.
Simpli - Your source for San Jose dedicated servers and colocation!
The big problem with MS's application is the idea that data can tell programs what to do. THIS IS A BAD BAD BAD IDEA.
How foolish is this? How many people would open an email that said:
Hey here is a perl script with my message in it. Go ahead and run it to see what I have to say.
You'd be a fool on any system to execute whatever it really is, but MS wants this behavior by default. The moment you let data run the program you get this bad stuff. Word documents with macros that destroy files. A whole slew of Outlook nastiness. Heck, nearly all buffer overruns in networked programs are based on the idea of sending bad data to gain control.
Why does MS continue to cling to this idea that they can make data behave like programs?? It just isn't sound...I wish they would abandon it.