1. Most Discussed
  2. Gainers & Losers

Back-door bug may live on in cleaned computers

  1. Back-door bug may live on in cleaned computers
    By Sue Lowe
    October 5 2002





    The estimated 2200 Australian companies and individuals attacked by the Bugbear computer virus this week have been advised to change all passwords, especially to Internet banking sites or where credit card details are stored.

    Australia was one of Bugbear's biggest targets, reporting about 10 per cent of the 22,000 attacks logged in the first three days.

    While other viruses, such as Melissa, were more prolific, Bugbear carries a nastier payload.

    Bugbear is said to create an open "back door" into a computer system through which email and data could be accessed and stolen.

    It brings with it a program that can record the computer user's keystrokes, including passwords.


    An alert from the United States' National Infrastructure Protection Centre, issued yesterday, highlighted the risks to recipients even after they have cleaned their systems with anti-virus software.

    "The worm is capable of intercepting victims' Internet activity, for example, credit card information, banking information, user names and passwords," the alert said.

    "The NIPC is urging all infected owners to change log-ins and passwords after the infection has been reported and removed."

    Jamie Gillespie, a security analyst with the Australian Computer Security Response Team, said: "Even if the system is cleaned, all the data entered while the virus was active may still be sitting somewhere for future malicious use."

    John Geurts, security head at the Commonwealth Bank , which has the largest number of Internet bankers in Australia, said: "It's not a major concern for the bank at this stage.

    "We've seen no evidence of Bugbear internally or through [online] customers."

    He added that the bank routinely scanned for strange behaviour on user accounts.

    However, the Commonwealth Securities division of the bank does appear to have become an indirect victim of an earlier virus. A number of emails have been reported that purport to be from the company and which include valid account numbers, but are disguised viruses.

    Mr Geurts said it was possible for viruses such as Klez, still the most prolific virus, to use a name from an Outlook address book to disguise itself before self-replicating through the email.

    "It would have come from a customer of the bank who was infected," he said.

    He was aware of only one complaint from a customer.

    Westpac also said Bugbear was not seen as a major problem at the bank.

    One of New Zealand's largest Internet service providers said it had filtered out about 25,000 copies of the virus on Tuesday, the day after the virus hit.

    Telstra said it had not seen evidence of the virus internally, but had "a low level" of calls from BigPond Internet customers who had become infected.

DISCLAIMER:
Before making any financial decisions based on what you read, always consult an advisor or expert.

The HotCopper website is operated by Report Card Pty Ltd. Any information posted on the website has been prepared without taking into account your objectives, financial situation or needs and as such, you should before acting on the information or advice, consider the appropriateness of the information or advice in relation to your objectives, financial situation or needs. Please be aware that any information posted on this site should not be considered to be financial product advice.

From time to time comments aimed at manipulating other investors may appear on these forums. Posters may post overly optimistic or pessimistic comments on particular stocks, in an attempt to influence other investors. It is not possible for management to moderate all posts so some misleading and inaccurate posts may still appear on these forums. If you do have serious concerns with a post or posts you should report a Terms of Use Violation (TOU) on the link above. Unless specifically stated persons posting on this site are NOT investment advisors and do NOT hold the necessary licence, or have any formal training, to give investment advice.

Top