
Computer Virus Incident Reports [Summary]

November 7, 2002
Information-technology Promotion Agency
Security Center (IPA/ISEC)

W32/Bugbear, with a high probability of spreading damage, and
W32/Opaserv, which spreads infection through the LAN, have emerged!!

This is a summary of the Computer Virus Incident Reports for October 2002 compiled by the Information-technology Promotion Agency (IPA).

In October, 1,510 reports were submitted to IPA (September had 1,193 reports). W32/Klez had 702 reports and remains the worst, but the new virus W32/Bugbear had 323 reports and was the second worst.

W32/Bugbear, with a high probability of spreading damage, has emerged!

W32/Bugbear, which emerged in October, exploits a security hole in Internet Explorer; with Outlook Express, a PC can be infected just by previewing the e-mail. The damage may increase rapidly, so users must be cautious.


Example: The preview screen for W32/Bugbear virus

Once a PC is infected, the virus carries out the activities listed below.

1) The sender address is forged
As with W32/Klez, it is impossible to identify the original sender of the virus-carrying e-mail.

2) Functions such as anti-virus software and firewalls are shut down
Anti-virus software will not be able to scan after the infection.

3) Infection through copies of the virus file placed in shared folders
Damage spreads through the shared network (LAN).

4) A backdoor reachable from the outside is set up
Because the computer can then be broken into easily, damage such as deletion or theft of files may occur.

After infection, problems such as the virus scan being unable to run will occur, so it is essential to patch security holes and install anti-virus software beforehand.

W32/Opaserv, which spreads infection through the LAN

W32/Opaserv spreads to other PCs through the shared network. Cases in which 10 or more PCs were infected through a LAN were actually reported. (This virus does not have an e-mail sending feature.)

Moreover, even a PC that is not connected to a LAN may be infected through the Internet, so individual users should cancel sharing, and the use of anti-virus software and other measures is necessary.

Warning for this month: Reconsider carelessly configured sharing settings!!
===== Virus damage through the LAN is extensive! =====

When a virus that infects shared PCs, such as W32/Opaserv, causes damage, the network must be stopped and each PC must then be scanned and disinfected, so the damage is extensive. To prevent such damage,

* Install anti-virus software on laptop PCs, and scan them before connecting them to the network
* Set a password, and keep file sharing to the bare essentials
(Full access to the C drive is out of the question)

and use other methods to reconsider the sharing settings.

How to cancel the sharing setting

Go to "Control Panel" => "Network" => "Configuration" => "File and Print Sharing" and clear the check mark on "I want to be able to give others access to my files" to cancel sharing (see the diagram below).


Diagram: Canceling the PC’s file sharing

Inquiry: IPA Security Center (IPA/ISEC)

(ISEC: Information technology SEcurity Center) 
TEL: +81-3-5978-7508 FAX: +81-3-5978-7518
E-mail: Please feel free to call at +81-3-5978-7517.
Emergency call: +81-3-5978-7509
URL: http://www.ipa.go.jp/security/index-e.html