Feds escape Bugbear bite

The variant of the Bugbear computer worm that started to spread throughout the Internet on June 5 doesn't appear to have adversely impacted federal agencies, according to initial reports from cybersecurity experts.

Hit by a wave of fast-spreading, Internet-borne viruses over the past few years, agencies, like many corporations, have moved to shore up virus protection and cyberdefenses, agency security officers and security experts noted.

Bugbear is an Internet mass-mailing worm. Once activated on a computer, the worm e-mails itself to addresses found on the local system. The sender address in a message can be spoofed, or forged, and so is not a direct indication of an infected user. Bugbear spreads using network shares and by mailing itself using the default Simple Mail Transfer Protocol engine. Users will know that they have been infected by the presence of a non-standard .EXE file in the startup folder, virus experts said.

"We have not seen any of our government customers infected," said Peter Stapleton, product marketing manager at NetSec Inc., which provides security services for nine cabinet-level departments including the departments of Agriculture, Justice and the Treasury.

"We've advised all of our clients they should not allow executable files through the e-mail server," Stapleton said.

Blocking executable content at the e-mail gateway has become a standard policy of many agencies over the past two to three years, said Jimmy Kuo, a member of Network Associates Inc.'s AntiVirus Emergency Response Team (AVERT). As a result, Network Associates' government clients, such as the Defense Information Systems Agency and the Department of Veterans Affairs, weren't infected with the Bugbear variant.

Veterans Affairs cybersecurity chief Bruce Brody confirmed Kuo's claims, noting that Bugbear's impact was "negligible." He added, "Our antivirus defenses are robust."

The Department of Defense also viewed Bugbear as a low-level threat. "The Joint Task Force-Computer Network Operations, in coordination with the Department of Defense Computer Emergency Virus Response Team, assesses viruses and their potential impact to DOD systems," according to a JTF-CNO spokesman in a statement e-mailed to FCW. The DOD works closely with industry partners and virus protection vendors to ensure that the agency stays up to date on antivirus signatures and that they are deployed across DOD's global information network. "Because we continuously and rapidly take such proactive measures, the JTF-CNO and the DOD CERT have assessed the impact of the named viruses as low threat and note no significant impact to date," the DOD spokesman said.

The Bugbear variant was still spreading through the Internet on Friday, prompting virus protection teams at Network Associates and Symantec Corp. to classify the worm as a high risk.

Symantec Security Response analysts had tracked 1,002 submissions of the variant, known as W32.Bugbear.B, by Friday, said Vincent Weafer, senior director of Symantec Security Response. Symantec analysts don't think the worm's spread has peaked yet. By comparison, the original Bugbear worm was discovered on Sept. 30, 2002, and peaked on its fifth day with 6,888 submissions.

Dan Caterinicchia and Judi Hasson contributed to this story.

