Known as W32.Bugbear or I-Worm.Tanatos, the mass-mailing computer virus startedvia e-mail on Sunday. On Tuesday, it accounted for nearly 11,000 infected e-mail messages intercepted by e-mail service provider MessageLabs' gateway servers. That placed it second to , which accounted for about 14,000 e-mail messages.
"It is so hard to stay up with all the patches," said John Harrington, U.S. marketing director for MessageLabs. Harrington said most home users don't even realize they're missing a needed security fix.
The Bugbear virus infects computers running the Windows operating system and an unpatched version of Internet Explorer 5.5, according to an advisory posted by security company Symantec. A flaw in MIME (the multipurpose Internet mail extensions) lets a malicious program attached to an e-mail message execute when the text of the message appears in Outlook. The software problem was patched by Microsoft almost 18 months ago, but some users apparently havetheir computers.
Once running, Bugbear searches a PC for e-mail addresses and uses its own e-mail engine to send off infected messages to each address listed. In addition, it uses random e-mail addresses in the "from" field of the header to camouflage where the infected message is coming from.
The virus also attempts to shut down a host of security programs and antivirus measures, including many personal firewall programs and most popular antivirus scanning engines.
Lastly, Bugbear sends off an encrypted file with information about the computer to a predefined e-mail address and opens a backdoor for network attackers to use to sneak into the system.
Symantec upgraded the threat rating of the virus to a "3" on Tuesday from a "2" on Monday, with the most severe rating being a "5." The rating measures various factors including the destructiveness of a virus and how fast and how far the virus has spread.