New virus allows information theft

Millions of computers worldwide have been infected this week by a fast-replicating virus called Bugbear and security experts warned yesterday that the threat was still accelerating.

Bugbear, known as a mass-mailing worm because it spreads itself through computer users' e-mail programs, was first identified by a security team in Sydney on Sunday, said Lindy Yarnold, a computer security expert with Symantec.

Since then it has spread worldwide, affecting millions of computers in Europe, the US and Asia, with Britain being the hardest hit, followed by Australia and New Zealand, experts said.

"We have upgraded this threat from a category 3 to a category 4, our second-highest threat level," Yarnold told reporters.

"At category 4, that would mean millions of users affected," she said.

Yarnold said that by Thursday, Symantec was receiving more reports of computers infected by Bugbear than by another powerful virus, Klez, which has been plaguing computer users since February.

"The rate of increase in submissions [from affected users] is going up faster than usual," she said, adding that Bugbear was likely to remain a threat for months.

Bugbear is what security experts call a "blended threat," carrying out multiple attacks once inside a computer.

It records users' keystrokes to capture passwords or credit card numbers, attaches itself to e-mails and copies itself onto computers.

The virus is also capable of disabling anti-virus and firewall programs designed to protect computers from attack and can install a "trojan" that will allow hackers remote access to compromised machines, Yarnold said.

While it is difficult to know the exact number of computer users affected or the damage done by Bugbear, Yarnold said it was clearly one of the most virulent viruses yet.

Paul McRae of Message Labs Australia, another computer security firm, said British users accounted for 55 percent of reported Bugbear hits, followed by Australia and New Zealand with 32 percent.

"For some reason, Australia and New Zealand are key targets for this insidious virus," he said. "I think it is simply that the titles of the e-mail messages have attracted people in Australia to open them."

"It is spreading mainly in the UK, then Australia [and] New Zealand, which is unusual as normally you see it go through Europe and the US," McRae said.

Experts said Bugbear arrives disguised as attachments to e-mails, possibly labeled with the names of friends or colleagues, and then exploits the user's address book to replicate itself in new mails.

Symantec said the virus infects only computers operating on the Microsoft Windows operating system and uses the Microsoft Outlook e-mail program.

One sign of the virus is that the size of the attachment is always 50,688 bytes, Symantec said.