Slashdot Mirror


Bugbear Windows Virus Making the Rounds

lysurgon writes "CNN.com is reporting that the "BugBear" virus (Windows/Outlook only) is spreading quickly. Unlike ILoveYou-type viri, instead of deleting files or just propagating itself, this animal disables firewall software and opens a port to receive remote commands. The article doesn't draw this conclusion, but this effectively sets up slave machines for DDoS uses. Also worth noting is the puzzlement of anti-virus guys as to why they haven't been able to make the virus spread in the lab. "One of the theories is that this requires an Internet connection in order to spread." Gee, you don't say?"

12 of 449 comments

  1. What's the plural of virus? by thelenm · Score: 4, Interesting

    Unlike ILoveYou-type viri,

    A bit off-topic, I know, but here's an interesting link about the word "viri", the alleged plural of "virus": What's the Plural of 'Virus'?

    --
    Use Ctrl-C instead of ESC in Vim!
  2. Why is anyone running outlook anymore? by RailGunner · Score: 4, Interesting
    Unless your company forces you to connect to an Exchange Server, why would anyone purposely run Outlook or Outlook Express as their mail client? Especially when there are several free alternatives.

    Eudora - http://www.Eudora.com
    Opera Mail - http://www.opera.com
    Mozilla - http://www.mozilla.org
    Netscape - http://www.netscape.com

    I hate to sound callous, but if you're on a standard PPP or SLIP internet connection at home, and you're running Outlook or Outlook Express, then you get what you deserve. If your company is running Exchange Server, then your company is getting what it deserves.

    Fool me once, shame on you. Fool me twice, shame on me. Except between Melissa, ILoveYou, Sircam, Klez, and now this, it's what, fool me a dozen times? Do people just enjoy getting kicked in the teeth repeatedly?

    1. Re:Why is anyone running outlook anymore? by RailGunner · Score: 4, Interesting
      Well, I'd say that's a good reason not to use MSN. Though I could have sworn Eudora or Mozilla or both supported SPA..

      OK folks, any volunteers to add SPA support to Mozilla Mail? Let's free the MSN users from the shackles of Outlook.

    2. Re:Why is anyone running outlook anymore? by Osty · Score: 5, Interesting

      why would anyone purposely run Outlook or Outlook Express as their mail client?

      I can't personally speak for OE, as I've not used it in years, but I use Outlook XP because it's the best mail client I've found. I've never been infected by a virus in Outlook XP, because by default it strips malicious attachments (no, I'm not confusing that with an Exchange or mail server stripping those attachments -- we do that at work, sure, but I use Outlook at home with my postfix setup, and I know I'm not stripping attachments there, yet Outlook XP still strips the dangerous attachments). Out of the box, Outlook XP requires you to screw around to shoot yourself in the foot -- it warns you when you try to open an attachment, it'll tell you when there's possibly malicious script in a message and not let you view it in the preview pane, and so on. In short, you actually have to take action to get infected by a virus if you're using Outlook XP.


      Just to clear up any possible misconceptions, Outlook and Outlook Express are two completely different products, with completely different codebases, developed by two completely different teams. The only thing they share is the word "Outlook".

    3. Re:Why is anyone running outlook anymore? by jfroot · Score: 3, Interesting

      The reason we use Outlook 2002 is because it does IMAP and Extended MAPI. There are NO OTHER email clients that run on Windows, do IMAP and support extended MAPI. We need extended MAPI for integration into Maximizer (crm type thing).

    4. Re:Why is anyone running outlook anymore? by huge · Score: 2, Interesting
      And the easy solution to these Outlook Worms is to QUIT USING OUTLOOK.


      At home, pine is enough for me, but at the office it's a different thing.

      There are lots of companies out there who are using Outlook just because they are using MS Exchange. They are using Exchange because it has 'nice' group calendar (which isn't that bad, though I cannot say the same about Exchange itself) and there aren't that many good mail/calendar solutions available.

      Agreed, part of the problem is IT managers who think the world is revolving around Windows, and they cannot see any other non-M$ solutions.
      --
      -- Reality checks don't bounce.
    5. Re:Why is anyone running outlook anymore? by md17 · Score: 3, Interesting

      What about Ximian Evolution as a secure Outlook replacement?

      It can even talk to Exchange servers.

      Oh yeah, it runs on Linux, so I guess that rules it out as an Outlook replacement for you Windows people.

  3. Re:The relationship destroyer by Pedrito · Score: 5, Interesting

    I just noticed the "Windows/Outlook Only" part of the post. Maybe Windows, but not Outlook only. My mother uses Netscape mail (at least a 3 year old version), and it's obviously quite compatible with the virus.

  4. If you have to write a mailing virus... by vidnet · Score: 2, Interesting
    In addition to the following list of subjects, the worm can create a new message as a reply to or forward of an existing message on the infected system.

    Get 8 FREE issues - no risk!
    Your Gift
    Get a FREE gift!
    150 FREE Bonus!
    25 merchants and rising
    New bonus in your cash account
    etc..

    If you have to write a mailing virus that relies on people opening it, why would you make it use spam-like subjects?

  5. Crazy Printer by imevil · Score: 2, Interesting

    The virus has a "bug": when it does its filthy things with Windows shares it also does something with shared printers, so if one morning you find a stack of paper on the printer with one line of gibberish per sheet (and something about a DOS program not being able to execute) it could be BearBug. Or someone who printed out an exe file from Notepad.

  6. Re:Safe and secure by Blkdeath · Score: 2, Interesting
    Better still, have it replace Windows when nobody's looking
    Not so long ago, we almost had that very thing. A tarball and a UMSDOS filesystem and we're good to go.
    --
    BD Phone Home!

    Shameless plug. Like you weren't expecting it.

  7. DDoS attacks are not the only use. by TrixX · Score: 4, Interesting

    The article doesn't draw this conclusion, but this effectively sets up slave machines for DDoS uses.

    This is only one possibility. Some warez communities use these kinds of backdoors (especially Code Red) to install FTP servers on infected machines, and upload illegal software there. Then they distribute the IP addresses of these "stash" PCs.

    In that way, they have essentially a big farm of servers to provide content to their users. Obviously, the real owners of these servers don't know about that.

    Somebody showed me this some time ago. The guy was receiving warez access in exchange for doing some "work" for the warez admins. I talked to him and he didn't even know that this "IIS scanner" he was running for them was used for cracking into other PCs.