October 05, 2002



Spent this morning dealing with an unfortunate infection by the Bugbear virus. Fiendish little worm, this one, that kills any anti-virus and personal firewall protection you try to turn on until it's uninstalled, and then logs all your keystrokes and passwords and sends them to the bad guys (plus all the usual emailing itself to all your friends stuff we've come to expect from viruses). Even better, it's got a built-in emailer, so the old rules about only Microsoft Outlook users being affected no longer apply... even better than that, if you're not right up to date on your Windows Updates, it can infect your system from your email without you even opening an attachment... one of the first major viruses to do so. You've got to admire the workmanship, even if you want to disembowel the inventor.

Anyway, it's coming soon to a computer near you, so you might want to get your Windows right up to date now just in case, and watch for any firewalls or anti-virus programs mysteriously going down. If it happens to you, there's a good fixit program available here.

The shutting down of the ZoneAlarm firewall and preventing it from opening was what gave it away... so I guess you could say the sentry did its job, in a way. But the other upshot is I was so remarkably disappointed with the lack of online support for ZoneAlarm's free product (hey, BruceR, what did you expect? It was FREE. -ed.) that I've switched to Kerio's equally free personal firewall instead. It was also prone to being disabled by Bugbear, but at least this sentry gives a little yelp of warning before the worm knifes it in the back, unlike ZoneAlarm.

PS: The other thing I should say is that, to my surprise, Rogers High Speed, my home ISP, was right on the ball on this one. They had a message to customers filling them in on Bugbear and pointing them to the fixit link above by Oct. 4, which wasn't too bad at all, considering that computer was infected the same day. So good for them.

Posted by BruceR at 04:16 PM