Multi-threat Bugbear marks return to the 'bad old days'

"Short of including the kitchen sink, this has got everything."

The proliferation of virus scares over the past couple of months represents a return to the bad old days of an outbreak every week, according to one leading anti-virus expert. The latest version of the Bugbear virus has become a global phenomenon with countries worldwide waking up to the problem over the past 24 hours and contributing to its spread. Coupled with the recent outbreaks of Fizzer and the Sobig variants, Jack Clark, product manager at McAfee, fears we are back in the position we were in six months ago when several outbreaks per month was the norm. Clark said: "This is what we were used to six months ago when we were seeing outbreaks given at least medium threat status every week. Since then we have seen a real lull in the number of virus outbreaks. If anything we've been lucky - I'd like to think that people were perhaps put off by a number of high profile prosecutions. "However, none of the sentences handed out with those prosecutions was particularly harsh and I think that may now be encouraging people to get writing again" All major anti-virus vendors have now upgraded the threat of Bugbear.B to their most serious warning levels. The diversity of the threat and the ability to avoid basic levels of detection by morphing are two of the features of Bugbear.B which set it apart from a number of other mass-mailing worms seen in the past few months. However, from an end-user perspective, the fact that the worm can capture key strokes, via a keystroke logger, also raises serious concerns about the security of infected machines. A spokesman for anti-virus vendor Symantec said: "This is a blended threat, combining a mass mailing worm, with an ability to spread through network shares and if you are infected it can record all the keystrokes you make." Graham Clulely, senior technology consultant at Sophos, said in a statement: "With the virus writer including a keystroke logger, together with clues in his code that he's targeting many financial institutions, Bugbear-B could have serious security implications for anyone who banks online without up-to-date virus protection." Clark told silicon.com: "The sheer amount of content with this virus makes it very interesting. There's not a lot left in the virus authors' toolkit which hasn't been included. Short of including the kitchen sink, this has got everything." Bugbear.A was the second most virulent virus of last year and now its progeny looks set on causing similar harm worldwide. Clark added: "We expect to see more variants of this worm by Monday. We're certainly planning for that here, and it's almost a certainty. Something as well distributed as this is naturally going to give rise to variants."