The two worms, Bugbear and Opaserv, were discovered on September 30 and have been classified by security company Symantec as Category 3 threats. Most attacks are classified Category 1, completely harmless, and a few, such as Nimda and Klez, are classified Category 4, very serious. There have been no Category 5 threats released.
Bugbear, a worm designed to steal credit card numbers, hit first in Australia. As of last night 166 submissions had been received by Symantec alone, with 67 percent occurring in Australia and New Zealand. "We've had a few corporates phoning in, some of our larger customers," David Banes, regional manager of Symantec security response told ZDNet Australia.
However, overnight the number of submissions has jumped to 800, with 60 percent now being reported from Europe. Banes said the worm is interesting because it avoids mailing itself to certain addresses that could bring it to the attention of systems administrators, and attempts to shut down firewalls. It also has a bug that makes it try to copy itself to printers, resulting in some victims claiming their printers are spewing out garbage.
"It's the first worm I've seen that is detrimental to the environment," said Banes, "the way it's chewing through all those trees."
The second Category 3 worm, Opaserv, has spread faster than Bugbear with Symantec receiving 1,200 submissions since it was discovered two days ago. However, the worm is yet to register a large-scale impact in the Asia-Pacific, with only 2.5 per cent of submissions coming from the region.
"Opaserv has probably spread more because of its file name, Scrsvr.exe, so people think it's a screensaver and click on it," said Banes. The worm attempts to download updates from www.opasoft.com, but the site has already been taken down.
Security companies have been scrambling to create updated antivirus systems for the worms and fixes for the damage it does. Symantec is short staffed today as security experts worked late into the night fighting the threats.
"We had two different teams working on two different threats," said Banes.
