
Virus could make for a freaky Friday

Antivirus experts again warn that the mass-mailing Bugbear.B virus is continuing its rapid spread across the Net, with some saying the bug could be at its worst Friday.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos covers viruses, worms and other security threats.
Antivirus experts again warned that the latest mass-mailing computer virus, Bugbear.B, is continuing its rapid spread across the Net, with some saying the bug could be at its worst Friday.



The growth in the number of computers infected by the virus--which spreads via e-mail and shared networked hard drives--continued to accelerate Friday, with security company Symantec seeing 3,000 reports of infections in just more than 48 hours. That figure equaled the total number of submissions regarding the No. 4-ranked computer virus, Fizzer, for the entire month of May, and it brought to mind the infamous Nimda virus.

"If I compared it to Nimda, it is going at a much faster rate of infection," said Vincent Weafer, senior director of Symantec's security response team.

Nimda hit financial institutions hard nearly two years ago and, because of its severity, lent impetus to the creation of several security initiatives, including the U.S. government's National Plan to Secure Cyberspace and Microsoft's Trustworthy Computing initiative.

Weafer predicts that the Bugbear variant won't go into hibernation anytime soon. "The characteristics of the e-mail infectors is such that it could be out there for months and years," he said.

Bugbear.B, which started spreading on Tuesday, infects a computer system when the user opens an e-mail attachment containing the virus, or when a version of Microsoft's Outlook e-mail client is present on the system and hasn't been updated to patch a two-year-old flaw. The virus installs a "back door" onto a victim's system to allow an intruder access in the future; runs a program to record and store what the user types on the keyboard; and attempts to spread itself through e-mail, network shares and, in some cases, via a modem connection.

For the most part, the virus is affecting home users, said Weafer. Symantec has seen almost four times as many reports from consumers as from companies. Normally, the split is closer to 60-40, he said.

E-mail service provider MessageLabs has stopped more than 100,000 copies of the virus at its e-mail gateways, placing the program in the No. 1 slot on the company's list of most prevalent malicious attachments. The service provider filters out unsolicited bulk e-mail, or "spam," and viral attachments on behalf of its clients.

Mark Sunner, chief technology officer for the company, said that Friday will likely be the day with the highest number of infections.

"I imagine that it will probably peak today, but the trail-off curve will be slow," Sunner added. "That's a combination of the fact that it disables the antivirus capabilities (on the infected systems) and that this has really gotten by the reactive desktop products."

Sunner also warned companies that, in spreading, the virus can sometimes grab a legitimate e-mail from the victim's in-box and send that out with itself attached. In some cases, the original e-mail could contain confidential information that could hurt the company if received by a competitor.

The SirCam virus, which started spreading almost two years ago, had the same modus operandi, causing embarrassment to many of the companies whose employees became infected.