Bugbear reloaded: New variant of virus spreading widely, warns Sophos

June 05, 2003 Sophos Press Release

Sophos has issued a warning to its customers about a new email-aware virus which has spread widely across the internet.

The Bugbear-B virus (also known as W32/Bugbear-B) spreads by sending itself in emails, and by copying itself across networks. It is based upon the original Bugbear worm (W32/Bugbear-A), which was the second most commonly reported virus in 2002. However, the new version has a new trick up its sleeve - it is polymorphic, meaning it changes its appearance in an attempt to avoid detection.

Sophos believes there is a chance the virus will become even more widespread as computer users in North America wake up and begin to access their email.

"Viruses which spread via email often follow the sun," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "As the day begins in countries around the world users will open their email and may open dangerous attachments. It is essential that updated anti-virus and other measures are in place to ensure business continuity."

Sophos has updated its anti-virus products to protect businesses against Bugbear-B, but also offers the following tips to computer users:

  • Update anti-virus protection in order to detect and prevent Bugbear-B. Consider introducing procedures for rapid updates to prevent infection from these fast-spreading worms and viruses. Sophos Enterprise Manager is one way to help automate protection updates inside your company.
  • Businesses should block all Windows programs at the email gateway. It is rarely necessary to allow users to receive programs via email. Sophos MailMonitor for SMTP contains threat reduction technology which can help you block dangerous filetypes and executable code at the email gateway.
  • Ensure computers using Outlook, Explorer or Outlook Express are running the latest updated versions. Bugbear-B exploits vulnerabilities in some versions of Microsoft's software, but patches have been available for two years.
  • Follow safe computing practices: technologies such as mail filtering, firewalls and anti-virus are not "fit-and-forget" solutions. Users still need to act responsibly, especially when dealing with unexpected emails containing attachments.
