Never open an attachment if you didn't specifically ask for it by name, regardless of who sent it.
  technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

Windows users: Beware of Bugbear worm


Oct. 9, 2002


By Al Fasoldt
Copyright © 2002, Al Fasoldt
Copyright © 2002, The Post-Standard

   Windows users have another pest to worry about. It's the Bugbear worm, which is spreading quickly by infecting unprotected Windows PCs and e-mailing itself to other computers by stealing addresses from the Windows address book.
   Bugbear affects only Windows computers. Macintosh, Linux and Unix computers are safe. Even if Macs, Linux PCs or Unix computers receive the Bugbear virus, they cannot get infected.
   If your Windows PC is hit by the worm, go to www.bitdefender.com for a free removal program. Look for the word "Bugbear" on the BitDefender page -- it might be called "Win32.BugBear.A" on the site -- and click the "Tools" link to get the removal program.
   Bugbear arrives by e-mail. It tries to disarm every antivirus program and firewall software on the Windows computer. It then mails a copy of itself to individuals in the address book using faked "From:" addresses.
   Bugbear sets up a keystroke spy program, logging what is typed in an attempt to capture passwords and credit-card numbers. It apparently e-mails this captured information to a central Internet site.
   The Bugbear worm takes advantage of a well-known flaw in Windows that allows incoming mail to run programs. Most Windows users seem to be unaware of this flaw, despite Microsoft's efforts to patch it and many articles about it here and elsewhere. In unpatched versions of Windows, programs (such as viruses) that are hidden in e-mail are automatically run when mail is previewed in the right-hand window of the two Microsoft e-mail programs, Outlook and Outlook Express. Hidden programs are also run whenever you double-click on a message to view it.
   The flaw is much worse than you might suspect. You don't have to open mail to let viruses in. All you have to do is preview it.
   Only a small percentage of Windows PCs have been patched to fix this flaw, and fewer still make use of script blockers that keep Windows from running hidden programs. To patch Windows, go to www.windowsupdate.com and follow the on-screen prompts. For help getting a free script blocker, go to technofileonline/texts/bit050802.html. (That address takes you to my site. There's no "www" in the address.)
   All major antivirus vendors have updated their virus checkers to recognize Bugbear. Even if your antivirus software is set up to check for updates every few days, do a manual update anyway as soon as you can. You should not take chances.
   If your Windows PC does not have antivirus software running all the time, you're taking too many chances. Get good AV software. My choice is AVG, an excellent antivirus program that checks mail as well as files. It's free for personal use. Get it from www.grisoft.com.
   You can also help protect your Windows PC by following some common-sense rules about e-mail and attachments. In addition to patching Windows and installing a script blocker, you should stick to these three "commandments" about e-mail:
   1. Never open (double click on) an attachment if you didn't specifically ask for it by name, regardless of who sent it.
   2. Never trust the sender of any message no matter what. The Klez worm and the Bugbear virus both fake the sender's name and address, and we can expect many more viruses and worms to do this in the future. If you smell a rat when you get a message -- if, for example, you see that your sister-in-law wants you to "try a new game" even though she's never played a computer game in her life -- trash the message. It will almost surely be a virus.
   3. Never send out a warning about a virus to everyone you can think of. We're already getting viruses that way, and the fact that addresses can be faked means your friends might not believe such a warning message is from you anyway. Call your friends on the phone and tell them to read authoritative articles such as this one.