Bugbear Mauls Financial Institutions

BugBear, the first virus to target financial institutions specifically, had Australian banks on high alert this week after it was launched against 1200 banks worldwide in an attempt to steal corporate passwords.

Australia's largest banks were included in the 1200 Web addresses embedded in the virus code alongside some of the world's largest financial institutions including JP Morgan Chase, Citibank and American Express.

The destructive infection is being investigated by the Federal Bureau of Investigation (FBI) and led to a formal warning being issued by the US government to financial institutions across the globe.

Network Associates placed the mass-mailing virus on high alert; it captures keystrokes from the infected user's keyboard and allows hackers to gain remote access.

NA marketing director Allan Bell said the virus has infected a lot of systems locally and reports from large companies are "significant".

"We are very concerned as there are similar levels of infections here to the US and Europe; we have had a high number of local companies submit samples," Bell said.

He speculated the writer could be testing different techniques to penetrate the banking sector, adding that it is becoming increasingly complex to combat new viruses with the need for companies to combine intrusion detection technology with antivirus software.

The Australian Bankers' Association (ABA) said the impact to date has been minimal as banks had been aware of the virus since January and had taken protective measures early.

"We're aware of the issue but it's not currently showing up as a material risk," an ABA spokeswoman said.

However, a Westpac spokeswoman confirmed the bank had been contacted by customers infected by the virus and a warning had been issued to customers.

The virus, a blended threat because it combines a number of dangerous elements, uses a number of subject lines including 'bad news', 'click on this', 'free gift' and 'call for information'.

It disables antivirus software, opening the door to other infections, and is polymorphic, which means it has the ability to change itself on each infection, making it harder to detect.

Stories by Sandra Rossi

Latest Videos

More videos

Blog Posts