Slashdot Mirror


Bugbear Windows Virus Making the Rounds

lysurgon writes "CNN.com is reporting that the "BugBear" virus (Windows/Outlook only) is spreading quickly. Unlike ILoveYou-type viri, instead of deleting files or just propagating itself, this animal disables firewall software and opens a port to receive remote commands. The article doesn't draw this conclusion, but this effectively sets up slave machines for DDoS uses. Also worth noting is the puzzlement of anti-virus guys as to why they haven't been able to make the virus spread in the lab. "One of the theories is that this requires an Internet connection in order to spread." Gee, you don't say?"

6 of 449 comments

  1. What's the plural of virus? by thelenm · · Score: 4, Interesting

    Unlike ILoveYou-type viri,

    A bit off-topic, I know, but here's an interesting link about the word "viri", the alleged plural of "virus": What's the Plural of 'Virus'?

    --
    Use Ctrl-C instead of ESC in Vim!
  2. Why is anyone running outlook anymore? by RailGunner · · Score: 4, Interesting
    Unless your company forces you to connect to an Exchange Server, why would anyone purposely run Outlook or Outlook Express as their mail client? Especially when there are several free alternatives.

    Eudora - http://www.Eudora.com
    Opera Mail - http://www.opera.com
    Mozilla - http://www.mozilla.org
    Netscape - http://www.netscape.com

    I hate to sound callous, but if you're on a standard PPP or SLIP internet connection at home, and you're running Outlook or Outlook Express, then you get what you deserve. If your company is running Exchange Server, then your company is getting what it deserves.

    Fool me once, shame on you. Fool me twice, shame on me. Except between Melissa, ILoveYou, Sircam, Klez, and now this, it's what, fool me a dozen times? Do people just enjoy getting kicked in the teeth repeatedly?

    1. Re:Why is anyone running outlook anymore? by RailGunner · · Score: 4, Interesting
      Well, I'd say that's a good reason not to use MSN. Though I could have sworn Eudora or Mozilla or both supported SPA..

      OK folks, any volunteers to add SPA support to Mozilla Mail? Let's free the MSN users from the shackles of Outlook.

    2. Re:Why is anyone running outlook anymore? by Osty · · Score: 5, Interesting

      why would anyone purposely run Outlook or Outlook Express as their mail client?

      I can't personally speak for OE, as I've not used it in years, but I use Outlook XP because it's the best mail client I've found. I've never been infected by a virus in Outlook XP, because by default it strips malicious attachments (no, I'm not confusing that with an Exchange or mail server stripping those attachments -- we do that at work, sure, but I use Outlook at home with my postfix setup, and I know I'm not stripping attachments there, yet Outlook XP still strips the dangerous attachments). Out of the box, Outlook XP requires you to screw around to shoot yourself in the foot -- it warns you when you try to open an attachment, it'll tell you when there's possibly malicious script in a message and not let you view it in the preview pane, and so on. In short, you actually have to take action to get infected by a virus if you're using Outlook XP.


      Just to clear up any possible misconceptions, Outlook and Outlook Express are two completely different products, with completely different codebases, developed by two completely different teams. The only thing they share is the word "Outlook".

  3. Re:The relationship destroyer by Pedrito · · Score: 5, Interesting

    I just noticed the "Windows/Outlook Only" part of the post. Maybe Windows, but not Outlook only. My mother uses Netscape mail (at least a 3-year-old version), and it's obviously quite compatible with the virus.

  4. DDoS attacks it's not the only use. by TrixX · · Score: 4, Interesting

    The article doesn't draw this conclusion, but this effectively sets up slave machines for DDoS uses.

    This is only one possibility. Some warez communities use these kinds of backdoors (especially Code Red) to install FTP servers on infected machines, and upload illegal software there. Then they distribute the IP addresses of these "stash" PCs.

    In that way, they have essentially a big farm of servers to provide content to their users. Obviously, the real owners of these servers don't know about that.

    Somebody showed me this some time ago. The guy was receiving warez access in exchange for doing some "work" for the warez admins. I talked to him and he didn't even know that this "IIS scanner" he was running for them was used for cracking into other PCs.