Science in AfricaLogo Merck: Distributors of fine chemicals and apparatus. Enter here for more information.
October 2002

Article

 

Computer virus proliferating

Yet another computer virus is creating havoc on infected systems worldwide. The latest is Bugbear, a mass-mailing worm also known as Tanatos. The worm spreads in e-mail attachments with randomly generated subjects and names and with one or more extensions.

The worm e-mails itself to all e-mail addresses it finds on an infected system. But it also has the ability to fake information in e-mail headers, so sometimes the sender's e-mail address gets replaced with another address that the worm finds on an infected system. It can also construct its own address. 

According to Symantec information on the worm, it "can construct addresses for the "From:" field using information that it harvests from the infected computer. For example, the worm may find the addresses a@a.com, b@b.com and c@c.com. The worm could create an email message addressed to a@a.com and spoof the "From:" address, so that it appears to come from c@b.com. The spoofed address can also be a valid email address that the worm finds on the system." So though an infected e-mail may appear to come from a particular contact it may not be the case.

Not opening the infected e-mail attachment does not guarantee that you are safe. According to F-Secure, "the worm's messages can contain IFrame exploit that allows it to run automatically on some computers when an infected e-mail is viewed (for example, with Outlook and IE 5.0 or 5.01)." This vulneraibility can be fixed with the latest patch from the Microsoft website.

When an infected e-mail file is activated it copies itself to the Windows system directory with a random name. The worm then activates its payload and can stop several processes running on the computer. A backdoor routine is also created, meaning that a hacker can command the worm to perform several actions such as copying or deleting files on the infected computer. It can also deliver intercepted keystrokes to the hacker - potentially delivering confidential information such as passwords.

The worm thread is also capable of replicating across networks. However, according to Symantec, the worm floods shared printer resources, causing them to print garbage.

The trick is to update your anti-virus software as the worm can effectively disable software that fails to detect the worm.

Visit anti-virus software websites for a tool and further information to disinfect your system. Once your system is clean, it is recommended that logins and passwords be changed.

 

Science in Africa - Africa's First On-Line Science Magazine
Return to Home PageReturn to the TopYour FeedbackRegister with "Science in Africa" 

Copyright  2002, Science in Africa, Science magazine for Africa CC. All Rights Reserved

Terms and Conditions