Bugbear is currently the most reported virus around the world, with the number of individuals and organisations contacting Symantec reporting an infection doubling overnight to more than 6,000. Of that figure, around 600 reports have come from Australia. In the same period of time (September 30 to October 4) Symantec received 4,500 submissions for Klez.h, and 3,200 for Opaserv, which was also discovered on Monday. Other security companies report similar findings.
Symantec spokesperson Lindy Yarnold told ZDNet Australia they expect the percentage of reports from Australia relative to regions in other time-zones to increase over the working day today.
However, security experts say it is too early to tell whether Bugbear will have the same longevity as Klez, pointing out that Klez has been around for a long time while Bugbear is still in its peak distribution phase, when many people aren't protected from it. When Bugbear was first discovered on Monday, many security experts expressed an opinion that it wouldn't be that big a deal, and are now surprised at its success.
"I think what's most surprising about viruses is there are several hundred new viruses a month, and several could have gone this way," Paul Ducklin, head of global support for Sophos Anti-virus told ZDNet Australia. "This one had the good luck, or bad luck, depending on how you look at it, to take off."
David Banes, regional manager of Symantec security response, was also surprised at the spread of Bugbear. "I'm a bit surprised, because you'd think most people would have patched by now," he said, referring to the vulnerability in Outlook which is used by Bugbear to automatically launch the virus attachment. This is the same vulnerability that is used by Klez.
Allan Bell, marketing director for Asia Pacific, Network Associates, said that most large corporations were now protected, but home users and SMEs were continuing to suffer infection.
"Each virus tends to have a different pattern in how the numbers go up and how they go down," said Bell. "Some viruses peak in a day and then disappear, [Bugbear] has built up over the last few days, it has a slower spread."
Most anti-virus companies now have fixes available, that will find and delete Bugbear from a computer. These fixes are necessary because Bugbear will stop many antivirus programs, and so won't be detected by them, according to security experts.
Sophos Fix
http://www.sophos.com.au/support/bugbear.html
Symantec Fix
http://www.sarc.com/avcenter/venc/data/w32.bugbear@mm.removal.tool.html
McAfee Fix
http://vil.nai.com/vil/stinger/
Security experts also recommend users patch their copy of Outlook Express, so that future viruses attempting to take advantage of the auto-launch vulnerability will not automatically infect them.
Microsoft Patch
http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp
