Network Associates has raised its risk assessment of the Bugbear.b mass-mailing worm to high after the virus attacked more than 1000 banks across the globe last week.
W32/Bugbear.b@MM, otherwise known as Bugbear.b, was discovered on June 5. The virus is an Internet mass mailing worm that, once activated, e-mails itself to addresses found on local systems, spoofing or forging the sender’s address. It is the first known virus to target financial institutions.
It reportedly tries to steal corporate passwords.
The threat level was increased this week when Bugbear attempted to attack some of Australia’s largest banks.
The virus extracts addresses from file names with the following strings: .DBX, .EML, INBOX, .MBX, .MMF, .NCH, .ODS, and .TBB. Bugbear also spreads by using the default SMTP engine. Users will know that their systems have been infected by the presence of non-standard .EXE files in the start-up folder, according to Network Associates.
The virus uses several subject headers and users should delete all emails that contain the following subject lines: "Announcement", "Daily Email Reminder", "fantastic", "free shopping", "Get 8 FREE issues-no risk!" or "Get a FREE gift."
Once Bugbear infects a computer, it will attempt to terminate the process of the system’s security program.
It contains a polymorphic parasitic file that allows the virus to change with each infection.