'Bugbear' computer virus targets keystrokes and confidential data

The latest nasty piece of hacker work, the "Bugbear" virus, is causing major headaches for Irish businesses and home computer users, writes Karlin Lillington

The virus opens a "back door" to the computer over the Internet through which a hacker can gain access to files. It also tracks keystrokes, so an unwary computer user may inadvertently reveal login names and passwords to accounts or files.

"It's definitely one of the most malicious I've come across," said Mr Niall Browne, a security architect with Entropy, a Dublin computer security company.

Most anti-virus companies only formally identified the virus on Monday, and began issuing blocks. But one large Dublin company had been hit with over 2,000 infected e-mails by Friday, he said. The company's security system prevented the virus from accessing the company network.

Bugbear, which spreads itself as a file attached to an e-mail, is "a very intelligent virus and keeps learning as it goes along", he said.

The virus exploits a security vulnerability in Microsoft's popular Internet Explorer browser to gain access to a PC. Microsoft issued a patch for the vulnerability 18 months ago that can be downloaded from www.microsoft.com

Bugbear copies itself onto the hard drive of the infected computer and onto any others that share a network, and blocks the ability of those PCs to access the websites of the main anti-virus software companies.

It then goes hunting for e-mail addresses on the computer and e-mails itself to them as an attachment.

Bugbear is hard to spot because it keeps changing the subject heading of the e-mail it sends out and the name of the executable (.exe) file attached to the e-mail, which carries the actual virus program. The virus also uses random e-mail addresses in the "sender" field of the e-mail, making it hard to know where it came from.

Mr Browne said Irish personal names and place names were appearing in infected Irish e-mails, making them look like legitimate communications from a friend or company.

Individual users need up-to-date anti-virus software, while companies need a comprehensive security policy for their networks, said Mr Browne.

Most company infections Entropy was seeing were the result of only having anti-virus protection on some PCs on a network, and not guarding all e-mail entry points.

Computer users can download a free disinfection tool from antivirus company Sophos at www.sophos.com