Office of Information Technology

It's a Bug, a Bear and a Worm
By Michelle Delio
11:18 a.m. Oct. 2, 2002 PDT

It sounds cute and cuddly, but the latest Windows worm is really a monster. Unlike other recent e-mail-borne maladies that simply clogged in-boxes and networks, the Bugbear worm, also known as Tanatos, is coded to allow a malicious hacker complete control over infected computers.

Infected machines can be entered remotely through an application that allows the attacker to execute programs and view, copy, alter or delete any information stored on the infected computer.

The worm also has other data-stealing capabilities. It installs a program on an infected system that records all keystrokes and saves them into a file. The worm then sends this file, which attackers obviously hope will contain passwords and other sensitive data, to a few e-mail addresses that are stored in encrypted form in the worm's code.

Bugbear was first spotted Monday. It infects only PCs running Windows operating systems, spreading through infected e-mail attachments. On computers that have not been patched for Internet Explorer's IFRAME vulnerability, the attachment can be executed automatically by Outlook as soon as an infected e-mail is previewed or read.

Bugbear also spreads quickly through computer networks once one connected machine is infected.

It's not easy to identify Bugbear. The worm arrives in e-mail bearing assorted subject headers. The name of the infected attachment can also vary, but the attachment nearly always has a file size of 50,688 bytes.

Some of Bugbear's side effects are simply malicious and are probably due to a programming error in the worm's code -- the worm sometimes prints out hundreds of pages of nonsense text or its own binary code when a network that includes printers has become infected.

Bugbear also can pick up old e-mail messages stored on an infected system and send them to random addresses. This means that private e-mail could be disclosed to third parties.

The worm also attempts to shut down antivirus and firewall programs. Some antiviral application vendors have released free tools to purge systems of the worm.

Copyright © 1994-2002 Wired Digital Inc. All rights reserved.


Last modified: 2/3/2003