Sophos, a world-leader in anti-virus protection for businesses,
has found that the widely spreading Bugbear-B virus, first
detected on Thursday 5th June, contains a "keystroke logger" which
allows confidential information - such as passwords and credit card
details - to be stolen from infected PCs. When users who have been
hit by the virus log onto password-protected websites - such as
online banks or ecommerce sites - their passwords and account
details are being secretly stored.
An analysis by experts at Sophos's virus labs has also found
that Bugbear-B contains the web addresses of over 1,300 banks and
financial institutions; suggesting that the virus author is
specifically targeting those who bank online. This is unusual as
most virus writers have focused on clogging up email servers or
slowing down internet servers in the past.
"This virus is highly sophisticated and has tried to infect
hundreds of thousands of internet users around the world," said Rob
Forsyth, Sophos's managing director for Australia and New Zealand.
"With the virus writer including a keystroke logger, together with
clues in his code that he's targeting many financial institutions,
Bugbear-B could have serious security implications for anyone who
banks online without up-to-date virus protection."
Sophos is still receiving many enquiries from users regarding
Bugbear-B and is urging businesses to immediately apply up-to-date
anti-virus protection if they have not already done so. Sophos has
updated its product to incorporate complete protection against the
virus and its keylogger. Disinfection is also built into the update
to ensure the virus can be removed from already compromised
regarding the Bugbear-B virus, which spreads by email and by