'Bugbear' disables virus protection, mounts attack
By Renay San Miguel (CNN Headline News)
(CNN) -- In the hierarchy of computer threats, the e-mail worm known as Bugbear hasn't yet reached the level of a Code Red, Nimda, Klez or Love Letter. But it could get there, thanks to a particularly nasty feature that has computer security specialists worried.

Like so many worms and viruses haunting the shadow lands of cyberspace, Bugbear uses a known flaw in Microsoft's Internet Explorer Web browser to create a backdoor into your computer. That would allow malicious types to steal your data and you wouldn't even know you've been hacked. It can log keystrokes, meaning someone else could steal personal and corporate password and credit card data. Like all worms, it spreads itself; it doesn't need your help by opening up an e-mail attachment.

Here's the feature that has Vincent Gullotto, vice president of Network Associates' anti-virus emergency response team, scratching his head: Bugbear can disable your anti-virus software. When you scan your computer to see if it's been infected, Bugbear hides among your files, creating its own little terrorist sleeper cell in your Windows software.

"It's a common problem," Gullotto told "Hotwired." "We are concerned and have been for a while. We're working on a few different solutions right now, none of which are exactly the ideal solution."

Problems don't appear widespread

None of those words are exactly comforting for computer users, but Gullotto says because anti-virus disabling features are seen in only about 25 percent to 30 percent of the threats that come into computer security firms, it's giving specialists a little more time to find an answer.

"This doesn't happen with every single virus," Gullotto said. "It's not yet at the point where customers are having major problems."

But the Nimda worm that was released shortly after last year's September 11 attacks was able to hide from anti-virus software. The Klez-e worm, which so far has become the most active computer threat in 2002, also has this stealth capability.

Yet even though Bugbear can sneak in under your anti-virus radar, Gullotto still advises computer users to update their anti-virus software. That's because now that Network Associates and other security firms have Bugbear's "signature" -- the secrets behind its malicious software code -- they can offer a solution and download it to users.

"If people suspect they have a virus and one where it can disable virus scanners, they should update and then scan their machine completely, and they would find the virus," Gullotto said. "We would then turn around and kill the virus."

The ability to hide from anti-virus software strikes at the very heart of what computer security firms do for a living. But Gullotto believes this ability requires some complicated software writing; he doesn't think it's the kind of feature that can be easily added to malicious code.

The irony with Bugbear is that it is exploiting a flaw in Microsoft's IE browser that was first discovered back in March. At the time, Microsoft issued a "patch," or software fix, for the flaw. But apparently not enough home and corporate systems downloaded the patch ... and now Bugbear is bugging systems all over our networks.