The Return Of The BugBear Worm

Antivirus vendors are warning that a new version of an Internet worm that struck last year is poised to wreck havoc again. The BugBear.B worm, a descendant of the original BugBear, which struck fiercely last year, is being called a high-risk threat to corporate and home users by antivirus vendors.

BugBear.B is a veritable Swiss-army knife of malicious code, packing a slew of apps designed to help the virus spread, disable security software, hide its path, and make off with confidential information.

The worm can spread using network shares, directly over networks, or through E-mail using its own E-mail engine to mail itself over the Internet.

The worm also packs a key-logger, which can be used to potentially grab passwords, and a Trojan app that allows an attack to gain remote access, according to McAfee Security's Avert Labs. The new BugBear also is a polymorphic file infector, which means it tries to infect dozens of files commonly found on Windows systems. Avert also says the worm attempts to disable dozens of commonly used desktop security applications.

Managed E-mail security-services firm MessageLabs says it has stopped more than 31,000 copies of BugBear.B in 120 countries. The firm says the worm has appeared in as many as one out of every 274 E-mails the company has processed. MessageLabs says the worm has become the most prevalent threat on the Internet in the past 24 hours.