Sophos, a world-leader in anti-virus protection for businesses,
has found that the widely spreading W32/Bugbear-B virus,
first detected on Thursday 5th June, contains a "keystroke logger"
which allows confidential information - such as passwords and
credit card details - to be stolen from infected PCs. When users
who have been hit by the virus log onto password-protected websites
- such as online banks or ecommerce sites - their passwords and
account details are being secretly stored.
An analysis by experts at Sophos's virus labs has also found
that Bugbear-B contains the web addresses of over 1,300 banks and
financial institutions; suggesting that the virus author is
specifically targeting those who bank online. This is unusual as
most virus writers have focused on clogging up email servers or
slowing down internet servers in the past.
"This virus is highly sophisticated, and has tried to infect
hundreds of thousands of internet users around the world," said
Graham Cluley, senior technology consultant, Sophos Anti-Virus.
"With the virus writer including a keystroke logger, together with
clues in his code that he's targeting many financial institutions,
Bugbear-B could have serious security implications for anyone who
shops or banks online without up-to-date virus protection."
Sophos is still receiving many enquiries from users regarding
Bugbear-B, and is urging businesses to immediately apply up-to-date
anti-virus protection if they have not already done so. Sophos has
updated its product to incorporate complete protection against the
virus and its keylogger. Disinfection is also built into the update
to ensure the virus can be removed from already compromised