10 Jun 2003
Credit card details at risk from new Bugbear-B virus, warns Sophos
Sophos, a world-leader in anti-virus protection for businesses,
has found that the widely spreading Bugbear-B virus, first
detected on Thursday 5th June, contains a "keystroke logger" which
allows confidential information - such as passwords and credit card
details - to be stolen from infected PCs. When users who have been
hit by the virus log onto password-protected websites - such as
online banks or ecommerce sites - their passwords and account
details are being secretly stored.
An analysis by experts at Sophos's virus labs has also found
that Bugbear-B contains the web addresses of over 1,300 banks and
financial institutions; suggesting that the virus author is
specifically targeting those who bank online. This is unusual as
most virus writers have focused on clogging up email servers or
slowing down internet servers in the past.
"This virus is highly sophisticated and has tried to infect
hundreds of thousands of internet users around the world," said Rob
Forsyth, Sophos's managing director for Australia and New Zealand.
"With the virus writer including a keystroke logger, together with
clues in his code that he's targeting many financial institutions,
Bugbear-B could have serious security implications for anyone who
banks online without up-to-date virus protection."
Sophos is still receiving many enquiries from users regarding
Bugbear-B and is urging businesses to immediately apply up-to-date
anti-virus protection if they have not already done so. Sophos has
updated its product to incorporate complete protection against the
virus and its keylogger. Disinfection is also built into the update
to ensure the virus can be removed from already compromised
systems.
Information
regarding the Bugbear-B virus, which spreads by email and by
network shares.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.