Internetrix would like to advise all clients of a new and significant virus threat known as bugbear@mm. This type of virus is known as a worm because it gets into a system and then tries to replicate itself from there onto other computers.
Please see the end of this email for a link to the Virus Removal Tool from Symantec. If you already have an anti-virus program installed, make sure you update your virus definitions immediately - we keep ours fairly up to date, and this one slipped through, giving you some idea of how new it is and how fast it is spreading. A number of clients have already been infected.
This virus has four major components that make it a significant security risk, and it is spreading so fast that we believe it necessary to issue this security alert.
The first component is possibly the most dangerous. This worm will attempt to close down almost all security, firewall and antivirus software running on the infected computer system. This means that if your computer becomes infected because its virus definitions are out of date, the worm will render many of the security systems you rely on useless - it will just invisibly close the programs every 30 seconds.
The second part of the virus is a mass-mailing component that spreads the virus to other computers via email. It harvests email addresses from your machine, and uses its own mail sending system to deliver the email at a rapid rate. The payload is carried in an email attachment with a .exe, .scr or .pif extension. Our advice is to NEVER open attachments of this type. Some older versions of Microsoft email software have a serious security hole that allows the attachments to auto-execute when you open the email. See http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp for more information on how to protect yourself from this hole.
The third part of the virus is possibly the most dangerous. It opens up a back-door for any hacker to use on your computer. It logs your keystrokes, and harvests your passwords, storing them in files on your computer that a hacker can read. Hackers can also get into your system and perform many actions, including deleting files at will. Because of the first part of the virus (security disabling), this sort of vulnerability is extremely dangerous.
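As an added illustration of the attachment advice above (this code is not from Internetrix or Symantec), a mail filter could flag these three attachment types before a message is delivered. The function names and the sample message are constructed for the example, and the check looks at filenames only, not at file contents.

```python
# Added example: flag mail attachments with the extensions named in this alert.
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif"}  # the three types listed in the alert


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of MIME parts whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename", then Content-Type "name"
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        # Only the LAST extension decides how the file is opened ("report.doc.pif")
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def constructed_sample() -> bytes:
    """Build a harmless test message (constructed data, not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fname in ("notes.txt", "report.doc.pif", "Setup.EXE."):
        msg.add_attachment(b"\x00", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(constructed_sample()):
        print("blocked attachment:", name)
```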
The fourth worm component replicates across the network. To do this, the worm lists all of the computers in the network, if you are attached to one. If it locates open administrator shares, it attempts to install itself on the remote computer. This leads to the infection of the compromised network computers as soon as they are restarted.
Because the worm does not properly handle the network resource types, it may flood shared printer resources, which causes them to print garbage or disrupts their normal functionality.
Internetrix recommends that all clients who manage their own computer's antivirus activities visit the link below to Symantec's bugbear@mm Removal Tool. If you have any questions, please don't hesitate to contact us.