Credit card details at risk from Bugbear-B virus, warns Sophos

Sophos Press Release

Sophos, a world-leader in anti-virus protection for businesses, has found that the widely spreading W32/Bugbear-B virus, first detected on Thursday 5th June, contains a "keystroke logger" which allows confidential information - such as passwords and credit card details - to be stolen from infected PCs. When users who have been hit by the virus log onto password-protected websites - such as online banks or ecommerce sites - their passwords and account details are being secretly stored.

An analysis by experts at Sophos's virus labs has also found that Bugbear-B contains the web addresses of over 1,300 banks and financial institutions; suggesting that the virus author is specifically targeting those who bank online. This is unusual as most virus writers have focused on clogging up email servers or slowing down internet servers in the past.

"This virus is highly sophisticated, and has tried to infect hundreds of thousands of internet users around the world," said Graham Cluley, senior technology consultant, Sophos Anti-Virus. "With the virus writer including a keystroke logger, together with clues in his code that he's targeting many financial institutions, Bugbear-B could have serious security implications for anyone who shops or banks online without up-to-date virus protection."

Sophos is still receiving many enquiries from users regarding Bugbear-B, and is urging businesses to immediately apply up-to-date anti-virus protection if they have not already done so. Sophos has updated its product to incorporate complete protection against the virus and its keylogger. Disinfection is also built into the update to ensure the virus can be removed from already compromised systems.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at