Wednesday, October 23, 2002

Dealing with the BugBear Virus

There's so many viruses nowadays and dealing with it has been a headache. One virus that caught a lot of attention lately is Bugbear. This worm spreads by sending itself in emails and by copying itself around a network. It attempts to exploit vulnerabilities in some versions of Microsoft Outlook, Microsoft Outlook Express, and Internet Explorer. These vulnerabilities allow an executable attachment to run automatically, even without being double-clicked. Inside this attachment is a Trojan horse which enables the remote capture of passwords and other confidential information.

One unusual symptom of Bugbear infection is that printers can spurt into action. Bugbear tries to copy itself to all types of shared network resources, including printers. Printers cannot become infected, but they will attempt to print out the raw binary data of W32/Bugbear-A's executable code - usually resulting in many wasted pages of paper.

Sophos Anti-Virus is providing a free, fast fix for the BugBear virus. Sophos's fix deactivates the virus automatically before identifying and removing infected files. The fix was developed in Sophos's secure anti-virus laboratory in Sydney, and is now available on Sophos websites worldwide. The fix is only 70KB to download, and takes just a minute or two to run. The disinfected computer does not need to be rebooted.

To protect yourself from future viruses, you should keep in mind some basic rules:
1. Don't blindly trust attachments.
2. Never open an unexpected attachment.
3. Don't assume that an email is safe just because it comes from someone you know - they could be infected themselves.
4. Make sure you know how to update your anti-virus software quickly.
5. Avoid sending around jokes and stupid attachments yourself, as it encourages people to treat them as "mostly harmless".