October 15, 2003

An Extra-Special Rant About Bugbear B

Roger Ebert wrote a now-famous review of the movie "North" which began: "I hated this movie. Hated, hated, hated, hated, hated, hated, hated, hated, hated this movie."

I felt the same way on June 5, 2003 -- not about a movie but about a malevolent computer worm which warranted three separate email alerts on that day and the next. The worm is called Bugbear B, and I hate this worm. Hate, hate, hate, hate, hate, hate, hate, hate, hate this worm.

I hate this worm because it took up nearly two-thirds of my time on June 5 in computer "cleaning" and damage control activities, and Bugbear B continues to drain (much less) time away from work. On June 5, I received God-knows-how many copies of this worm in the more than 30 email lists I maintain as part of my job. And that's saying something given that I'm typically a lightning rod for all kinds of interesting viruses, worms, and Trojan horses.

Bugbear B wasn't even 3 days old when it made its infamous debut on June 5, prompting headlines that very day on Reuters and in the Washington Post. The worm is the sequel to a worm called Bugbear (hence the "B") which made its first appearance in October 2002. But Bugbear B is without a doubt the most vicious computer worm I have ever seen in my entire life. Bugbear B:

(1) Sends emails with highly plausible text (stolen from email accounts that the worm previously attacked)
(2) Varies the "From" field, and invents the sending address from out of thin air.
(3) Varies the "Subject" field (at least 25 variations have been found to date, and invents new subject fields)
(4) Includes an attachment (which propagates the worm), invents the name of the attachment from out of thin air.
(5) Has successfully fought back against antivirus software.

And all in a payload just 72 kilobytes big.

Fortunately, the Bugbear B plague has died down somewhat, but at this writing, I suspect (but don't know if) the bastard or bastards who wrote Bugbear B is/are still at large. If so, they may cooking up more evil surprises.

I have to admit, that there's a feeling of awe to this entire episode. As much as I loathe and revile Bugbear B, I can't help but admire the tenacity behind this worm, regardless who built it and their level of computer expertise. (I'll bet that it was someone in high school or college without much expertise.) I must say that my admiration for Bugbear B is a heavily tempered sort of admiration, like watching a nuclear bomb explosion on TV and saying to yourself "Ooh, look at all the pretty colors."

Needless to say, if you get a suspicious email with an attachment from someone you don't know, be sure to alert your local systems administrator. Thank you.

Tags: