Computer Worm Hampers Agents

Increased vigilance needed in travel industry, experts say

By: R. Scott Macintosh

The e-mail messages Sally Watkins received were from her clients in Italy. But there was something very different about them.

“They didn’t make sense,” said Watkins, a Certified Travel Consultant with Century Travel in Austin, Texas. “They were two or three lines referring to things that had nothing to do with me. There were replies to letters that I didn’t even send them.”

After she opened one of the messages, her computer started acting funny. It would send emails at random and her anti-virus protection software began to flicker before the icon disappeared altogether.

Watkins was one of thousands who had been infected by a malicious computer worm called Bugbear B that has been disrupting computers around the world over the past few weeks.

The worm is a new variation of the Bugbear worm that infected computers last October, and which security experts believe was originally designed to steal passwords from banks. But it has spread to thousands of consumer computers.

The worm infected more than 50,000 computers within the week it was first reported, according to statistics from Trend Micro, a company that tracks computer infections and makes anti-virus protection software.

The Bugbear worm uses addresses in a computer’s e-mail program to send messages using the infected user’s identity.

Watkins received the virus from a network of business associates in Italy; many of who had each other’s e-mail addresses, which explains why Watkins got infected e-mails from different sources.

Though other worms are similar to Bugbear B, it is less conspicuous in that the subject line of the message seems ordinary, so people can be caught off-guard if they are not careful.

The code also is not imbedded in an attachment like most other computer worms, so the e-mail only needs to be opened in Microsoft Outlook or Outlook Express to activate the program.

The body of the e-mail can be empty or with text taken from random files or messages found in the infected computer.

“It’s very craftily done,” Watkins said.

Bugbear B has, so far, caused far less damage than other codes, which are designed to completely destroy data and disable computer systems.

The worm was created to get passwords and other private information from global financial institutions listed in the blueprint of the program.

Experts say that the worm has the ability to disable anti-virus protection software and penetrate a system. It then determines if the computer’s user has an e-mail address for one of the banks, and if so, tries to glean passwords and private information off the computer. It takes over the computer modem and sends data through the Internet.

Bugbear B is still just the latest in a line of malicious computer worms and viruses that are growing increasingly sophisticated.

A similar worm called Lovegate F has wreaked more damage, affecting nearly 2 million computers in the last month alone, according to Trend Micro’s tracking. Another worm, the SQL Slammer, hit last January, targeting specific servers and affecting scheduling and ticketing of some airlines.

When it comes to malicious programs that affect desktop computer users, PC computers are far more vulnerable than Apple computers. Far more small businesses, including travel agencies, use PC computers than Apple.

Pat Funk, the Association of Retail Travel Agents’ (ARTA) vice president of operations, said she had received a number of responses from members who had been infected by Bugbear B, some who had received hundreds of infected e-mails. Funk, who sends a daily electronic newsletter to members, believes many agents don’t do enough to protect their systems from intrusion.

“Agents just don’t seem to be careful enough when it comes to viruses,” she said. “Agents are not careful with opening attachments. You have to be aware and look at the extension. If the extension is not something that I’m familiar with, I don’t open it.”

David Perry, global director of education at Trend Micro, said users can take steps to protect their personal computers against infection.

“Get and use anti-virus protection and get and use a personal firewall,” he said, noting that both are often packaged together.

Perry also suggested going to any anti-virus Web site and signing up for e-mail alerts that notify computer users of any new viruses that might be affecting systems.

Automated alerts can come with a computer’s software, and often include upgrades to protect against new viruses.

“Getting the notification gives people trustworthy information in an area where there is a lot of untrustworthy information,” Perry said.