Feds Investigate Virus Attack on Financial Industry

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The security community and the federal government are on alert for what could be another evolution in computer viruses.

The newest variant of the Bugbear virus — W32.Bugbear.B@mm — is designed to specifically target financial institutions. When it infects a computer in the financial community, the virus logs keystrokes, steals passwords and sets up backdoor Trojans.

The mass-mailing worm put the security community on alert because it’s the first known widespread virus to target a particular industry, according to Sharon Ruckman, a senior director at Symantec, Corp., the anti-virus company that initially discovered this capability in Bugbear. Symantec has since raised the warning rating on Bugbear from the third level to the fourth out of five.

The financial sector was warned about the virus last week and has suffered minimal impact, according to David Wray, a spokesman for the Information Analysis and Infrastructure Protection division of the Department of Homeland Security. The division is monitoring Bugbear, assessing the damage it’s wreaking and alerting the appropriate people and companies.

The FBI is investigating the virus from a criminal standpoint, according to a spokesman for the bureau.

”This is a little different,” says Wray. ”We don’t know yet if it portends anything. We’ll be on the lookout to see if this becomes a trend.”

Symantec’s Ruckman notes that typically whenever something new emerges in the virus world, more of the same will follow.

The virus’ code contains a list of 1,300 financial sector domain names, according to Wray. Once the virus comes upon one of those names, it immediately acts more aggressively, logging keystrokes, along with the user’s name and password. It also looks in cache for network passwords and will then hunt for the SMTP server name of the infected machine. The virus then puts all the stolen information into a file and sends it out to about 10 different email addresses.

”The person who receives that information, now has the passwords to break into that network,” says Ruckman. ”But they’d still have to go through all the other layers of defenses.”

Security experts are warning companies and home users to frequently update their anti-virus software and maintain their other defenses.

The latest Bugbear variant is another reminder that the threat to computer networks from worms in multiplying in both sophistication and potential for damage. Security experts and the anti-virus community have been warning that the industry is on the cusp of an evolution in computer worms.

”I think there’s a lot of potential for damage coming down the pike,” said Stephen Trilling, senior director of research at Symantec, in a recent interview. ”We will see worms with increasing sophistication. We’ll see worms with new ways of spreading. We’ll see worms that can spread themselves through Instant Messaging… They can steal documents and information from your machine. They can create new holes in your system, and once they’ve taken over your machine, they can launch attacks from it.”