Latest Bugbear virus claws at banks

Security company Symantec uncovers a sinister new function in the fast-spreading e-mail virus--the intruder harvests passwords used by bank employees.

CNET Asia staff

See full bio

CNET Asia staff

June 11, 2003 8:22 a.m. PT

2 min read

Security company Symantec has uncovered a sinister new function in fast-spreading e-mail virus Win32.Bugbear.B, suggesting that the worm harvests passwords used by bank employees.



		Special report Cracking the nest egg As consumers finally warm to online banking, hackers waste no time in preying on the trend.

"We have discovered a previously unknown functionality within the Win32.Bugbear.B worm and are strongly advising financial institutions worldwide that they may be at greater risk of exposure," Symantec said in a statement.

The company said on its Web site that this new discovery specifically affects employees of financial institutions.

When the worm finds names of banks in a victim's mailbox, it tries to send sensitive data such as cached passwords and keystrokes to one of 10 public e-mail addresses included in its code.

The Win32.Bugbear.B belongs to a new class of e-mail worm that not only attempts to clog networks through malicious replication, but also attempts more serious forms of criminal activity.

According to a report from the Associated Press, the U.S. government has issued a similar warning, and the FBI is currently looking into what security experts believe to be the first Internet attack aimed at a specific economic sector.

The report said professionals who studied the makeup of the new Bugbear worm have found a list of about 1,200 Web addresses for many of the world's largest financial institutions in its code. These include J.P. Morgan Chase, American Express and Citibank.

These experts believe that the BugBear software was programmed to scan mailboxes looking for signs that the victim is a bank employee. If there is a match, the worm then steals passwords and other information and sends them to the 10 e-mail addresses, making easier to compromise the bank's network in future, said the report.

No major bank has yet to report a security breach as a result of the worm, according to news reports.

Soon after it surfaced last Wednesday, security software companies upgraded the Win32.Bugbear.B virus from a medium-level threat to high, because of the rapid rate of infection.

To date, Symantec said it has received 8,932 reports, with 245 of them being from corporate customers.

CNET staff reported from CNETAsia.