Credit card details at risk from Bugbear-B virus, warns Sophos

June 06, 2003 Sophos Press Release

Sophos, a world-leader in anti-virus protection for businesses, has found that the widely spreading W32/Bugbear-B virus, first detected on Thursday 5th June, contains a "keystroke logger" which allows confidential information - such as passwords and credit card details - to be stolen from infected PCs. When users who have been hit by the virus log onto password-protected websites - such as online banks or ecommerce sites - their passwords and account details are being secretly stored.

An analysis by experts at Sophos's virus labs has also found that Bugbear-B contains the web addresses of over 1,300 banks and financial institutions; suggesting that the virus author is specifically targeting those who bank online. This is unusual as most virus writers have focused on clogging up email servers or slowing down internet servers in the past.

"This virus is highly sophisticated, and has tried to infect hundreds of thousands of internet users around the world," said Graham Cluley, senior technology consultant, Sophos Anti-Virus. "With the virus writer including a keystroke logger, together with clues in his code that he's targeting many financial institutions, Bugbear-B could have serious security implications for anyone who shops or banks online without up-to-date virus protection."

Sophos is still receiving many enquiries from users regarding Bugbear-B, and is urging businesses to immediately apply up-to-date anti-virus protection if they have not already done so. Sophos has updated its product to incorporate complete protection against the virus and its keylogger. Disinfection is also built into the update to ensure the virus can be removed from already compromised systems.