Free Republic

New Computer Virus (BugBear.B) Makes Way on The Net
FoxNews ^ | June 6, 2003 | Associated Press

Posted on 06/06/2003 9:36:49 AM PDT by w_over_w

Edited on 04/22/2004 12:36:32 AM PDT by Jim Robinson.

NEW YORK

(Excerpt) Read more at foxnews.com ...


TOPICS: Business/Economy; Free Republic; Technical
KEYWORDS: bugbear; computer; virus
What's scary about this bug (also called Tanatos) isn't so much the keylogger program, rather when the PC user thinks the main execution file is killed, it suddenly seems to have a way to recover its executable files and writes them back in every directory on the hard disk (as *.EML/*.NWS-file, normally 78233/79232 bytes in size). . . it's like it has a "trigger" that jumps in when you perform a shutdown or reboot.

But hey! McAfee and Norton are already advertising they have the current upgrade/downloads to fix the problem.

1 posted on 06/06/2003 9:36:49 AM PDT by w_over_w

To: Sir Gawain; Shermy; Texaggie79; Rebelbase; Cagey
Ping . . . but this post isn't funny.
2 posted on 06/06/2003 9:38:37 AM PDT by w_over_w (Even the sun of a Texas day . . . can't make yer beauty fade away.)

To: visualops; error99
Ping! I read your earlier comments on viruses and would welcome your comments here.
3 posted on 06/06/2003 9:40:04 AM PDT by w_over_w (Even the sun of a Texas day . . . can't make yer beauty fade away.)

To: w_over_w
Removed this bugger from my wife's work computer yesterday.
She works at home as a programmer and someone at her company got this and spread it to her computer. The nasty thing about this virus is that it gets in iexplorer.exe (Internet Explorer), msimn.exe (Outlook Express), and many other executable files. Norton/Symantec AV will quarantine the files when it finds them. But, it cannot fix them. Therefore you LOSE all the files infected. I had to copy all the executable files from another computer in the house with the same OS (WinME) to a CD-R and carefully replace them on her computer while booted in "Safe Mode" (F8 during boot-up to get there). The virus basically took over her computer. The start menu didn't work right - you couldn't get to NAV to launch it. If you directly ran NAV (Norton Antivirus), it would shut down in a couple of seconds. So, you couldn't get it to run and clean the system with it up running normally. So, I had to boot into safe mode. Load the update to NAV from a file I downloaded from their web site. Then run NAV to quarantine the infected files. Then reinstall a number of applications that were screwed up that I didn't have copies of the executable files.

So, you don't want to get this mess in your system. Plus the funny thing is that it will take your emails and copy text randomly out of various ones and send them with its virus to random people in your address book. So, it could send some email that could be embarrassing to you. I've already read of this happening to people.

First thing I had my wife do was unplug the network cable to stop her passing it on. Fun stuff...
4 posted on 06/06/2003 10:25:01 AM PDT by RiVer19

To: w_over_w
So many of these virus scares are usually a hoax but this one seems to be the real thing. Thanks for the alert.
5 posted on 06/06/2003 10:49:06 AM PDT by Cagey

To: RiVer19
Someone had a fun evening.

Thanks for your input . . . I'm saving it just in case. So far our home LAN is clean but I think I'll create a virus scanner from a bootable disk just in case.

6 posted on 06/06/2003 10:50:08 AM PDT by w_over_w (Even the sun of a Texas day . . . can't make yer beauty fade away.)

To: w_over_w
Once you get on a current virus definition file you should be safe. The wife got probably 10 emails this morning that NAV caught and quarantined the attachments on. I think they still have some computers at her office infected sending out emails randomly. It was funny that it was picking up text from these poor folks' emails and sending it out to her (and who knows how many other people). Nothing personal was there. But, none of it was supposed to go to my wife.

Point being, current (6/5/03) NAV virus defs will catch and prevent infection of this bug.
7 posted on 06/06/2003 11:12:10 AM PDT by RiVer19

To: w_over_w
So, basically, I DL this virus, hack into the Feds then, say it wasn't me?
8 posted on 06/06/2003 11:27:09 AM PDT by Texaggie79 (Pimps up, hoes down!)

To: Texaggie79
So, basically, I DL this virus, hack into the Feds then, say it wasn't me?

I thought you were an IS guy? Get series . . . and watch what you say about the FEDs. Carnivore is "in the wild".

9 posted on 06/06/2003 11:36:02 AM PDT by w_over_w (Even the sun of a Texas day . . . can't make yer beauty fade away.)

To: RiVer19; w_over_w
Glad I'm immune to this one.
10 posted on 06/06/2003 2:51:42 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: w_over_w
The number one defense against virii and trojans is being observant, and using common sense. It is good to run an antivirus program against the occasional web page running a malicious script and the like, but anything that comes via email is easily defended against by not opening attachments from unknowns.
You can also up the security level in Outlook Express (if you use that) to prevent scripts from running- that guards against the few that are executed by the preview pane, rather than an attachment.
I use FoxMail for email, which allows me to show plain text or html with a click, it doesn't have the security problems of OE. It's also great if you have multiple email addresses and like them sorted without rules or trouble.
11 posted on 06/06/2003 5:09:51 PM PDT by visualops (Four whole fried chickens, dry white toast, and a Coke.)

To: w_over_w
That's funny... I just got an E-mail from someone I know that said "Urgent Request", but it was a "forwarded" message from someone I've never heard of about something I have nothing to do with, and was dated last January.
"Urgent", eh?

There were no attachments, NAV did not go off, and I run Netscape Communicator. Nav virus Defs were updated last week; but having read this I think I'll do it again ASAP!

Isn't this "Bugbear" virus one that's been around for a while?

I've been having regular NAV hits on incoming "W32KlezH@mm" missiles for the past year or so; sometimes one a month, sometimes dozens a day.

Last month something took our Norton AV and firewall down, and would kill them as soon as an attempt was made to re-install. An online virus Scan from Symantec found nothing.

Finally downloaded and with great difficulty launched freeware "ADaware" (whatever it was recognized that as well and attacked it as soon as it hit the HD; I had to launch it from the download manager). That found and removed the likely culprit, spyware called "D CYDOOR". After that and a prolonged manual de-install of NAV/FW and running of purging tools from Symantec, was able to re-install, upgrade, and get security back up and running.

One of the tipoffs that something was amiss was that programs began running very slowly, and 100% of "resources" were being used almost all the time. When I went to run a basic diagnostic checkup, discovered that all security had been taken down. That's when the "fun" began.

"CYDOOR" as best I can determine is a usually benign form of "adware", but apparently can be modified by a clever hacker to function as powerful malware, which is not normally picked up by anti-virus applications. So it slips in under the radar, so to speak, and then opens the security gate to whatever else the hacker wants to infect us with.

It's getting kinda scary in here, isn't it?

Gotta go now; time to update and SCAN!
12 posted on 06/07/2003 9:44:51 AM PDT by Uncle Jaque (Rev. III:11; "Behold, I come quickly; Hold that fast which thou hast, that no man take thy crown.")