Bugbear Mauls Financial Institutions
- 12 June, 2003 10:12
BugBear, the first virus to target financial institutions specifically, had Australian banks on high alert this week after it was launched against 1200 banks worldwide in an attempt to steal corporate passwords.
Australia's largest banks were included in the 1200 Web addresses embedded in the virus code alongside some of the world's largest financial institutions including JP Morgan Chase, Citibank and American Express.
The destructive infection is being investigated by the Federal Bureau of Investigation (FBI) and led to a formal warning being issued by the US government to financial institutions across the globe.
Network Associates has placed the mass-mailing virus, which captures keystrokes from the infected user's keyboard and allows hackers to gain remote access, on high alert.
NA marketing director Allan Bell said the virus has infected a lot of systems locally and reports from large companies are "significant".
"We are very concerned as there are similar levels of infections here to the US and Europe; we have had a high number of local companies submit samples," Bell said.
He speculated the writer could be testing different techniques to penetrate the banking sector, adding that it is becoming increasingly complex to combat new viruses with the need for companies to combine intrusion detection technology with antivirus software.
The Australian Bankers' Association (ABA) said the impact to date has been minimal as banks had been aware of the virus since January and had taken protective measures early.
"We're aware of the issue but it's not currently showing up as a material risk," an ABA spokeswoman said.
However, a Westpac spokeswoman confirmed the bank had been contacted by customers infected by the virus and a warning had been issued to customers.
The virus, a blended threat because it combines a number of dangerous elements, uses a number of subject lines including 'bad news', 'click on this', 'free gift' and 'call for information'.
It disables antivirus software, opening the door to other infections, and is polymorphic, which means it has the ability to change itself on each infection, making it harder to detect.