Two recently discovered worms are spreading across the Internet. The Bugbear (aka Tanatos) worm travels through email messages in which the message content is randomly generated, making the worm more difficult to detect. According to Panda Software, Bugbear affects several antivirus programs and firewalls, leaving the computer somewhat defenseless against other viruses, worms, and network-based attacks.
Kaspersky Lab said that Bugbear also installs a keystroke logger, which records all keyboard activity, including entry of user names and passwords. In addition, the worm allows a degree of remote control over infected machines by providing a means for remote users to manipulate users' files, including downloading and execution, through a Web-based interface the worm installs. The worm can also terminate specified processes. Kaspersky said systems already infected with the Klez worm (one of the widest-spreading worms to date) are especially vulnerable to Bugbear because both worms take advantage of an IFRAME-related security problem with Windows OSs. Kaspersky expects Bugbear to spread widely as well.
Another worm, Opasoft, is also spreading quickly. According to Panda Software, Opasoft isn't destructive; it simply spreads itself from computer to computer. Opasoft spreads through email and across shared drives on a network, and worm attempts to connect to the www.opasoft.com Web site--which has already been disabled so this functionality no longer works.
Kaspersky Lab said Opasoft could have provided some amount of remote control over an infected machine. In particular, because the worm attempts to connect to www.opasoft.com, its intentions were to download updated versions (when available) of the worm and to install and execute malicious scripts. Kaspersky said three variants of the Opasoft worm are in circulation.
Users are advised to obtain the latest virus signature update files from the antivirus software vendor of their choice.