W32.Bugbear@mm Upgraded To Level 4 Virus

Thursday, 3 October 2002, 12:37 am
Press Release: Symantec

Name: ::::::::::::W32.Bugbear@mm

Category: ::::::::::::4 (severe)

Virus Definitions: ::::::September 30, 2002 (US Pacific Time)

Type: ::::::::::::Worm

Aliases: ::::::::::::W32/Bugbear-A [Sophos], WORM_BUGBEAR.A [Trend], Win32.Bugbear [CA], W32/Bugbear@MM :[McAfee], I-Worm.Tanatos [AVP], W32/Bugbear [Panda], Tanatos [F-Secure]

Payload: ::::::::::::Large-scale emailing: Attempts to mass-mail to addresses harvested from a compromised host using it's own SMTP engine. Compromises security settings: May allow unauthorised access to compromised machines. Attempts to terminate processes of various antivirus and firewall programs.

Subject of email: ::::::Variable

Name of attachment: ::::::Variable, with double extension ending in .exe, .scr, or .pif

Size of attachment: ::::::50,688 bytes

Ports: ::::::::::::36794

Shared drives: :::::: :::Attempts to connect to available network resources

Today Symantec Security Response has upgraded W32.Bugbear@mm from a 3 to a level 4 virus on a scale of 1-5, with 5 being the most serious. The upgrade is due to the increase of customer submissions to Security Response from customers. As of yesterday morning, Symantec had a total 157 submissions of the virus from consumers. This morning, Symantec Security Response has had 2039 submissions from consumers.

W32.Bugbear@mm can be categorised as a blended threat. It is a mass-mailing worm and can also spread through network shares. It also has keystroke-logging and backdoor capabilities and attempts to terminate the processes of various antivirus and firewall programs. It includes a Trojan that attempts to disable antivirus and firewall software so it can then attempt to steal the user's passwords and credit card details. It installs a keylogger on compromised systems to capture the user's key strokes which could expose usernames and passwords or other confidential information. It has a bug that causes it to attempt to replicate to network printers when looking for network drives to infect. This can cause strange print outs from printers.

Advertisement - scroll to continue reading

Both the subject of the email and the name of the attachment are variable but the size of the attachment is always 50,688 bytes. The worm's email message uses one of the following subjects:

Greets!
Get 8 FREE issues - no risk!
Hi!
Your News Alert
$150 FREE Bonus!
Re:
Your Gift
New bonus in your cash account
Tools For Your Online Business
Daily Email Reminder
News
free shipping!
its easy
Warning!
SCAM alert!!!
Sponsors needed
new reading
CALL FOR INFORMATION!
25 merchants and rising
Cows
My eBay ads
empty account
Market Update Report
click on this!
fantastic
wow!
bad news
Lost & Found
New Contests
Today Only
Get a FREE gift!
Membership Confirmation
Report
Please Help...
Stats
I need help about script!!!
Interesting...
Introduction
various
Announcement
history screen
Correction of errors
Just a reminder
Payment notices
hmm..
update
Hello!

All versions of Windows are vulnerable to this worm but users of Macintosh, Unix and Linux are not.

Virus definitions are available to Symantec customers through LiveUpdate. A removal tool is also available via Symantec Security Response at http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.htm As usual, Symantec encourages users to download virus definitions on a regular basis.

A scan to check for the presence of W32.Bugbear@mm is available at Symantec Security Check www.symantec.com/securitycheck . The free service enables PC and Macintosh home users around the globe the opportunity to pinpoint, understand, and resolve online security vulnerabilities of their individual computers.

Advertisement - scroll to continue reading

Did you know Scoop has an Ethical Paywall?

If you're using Scoop for work, your organisation needs to pay a small license fee with Scoop Pro. We think that's fair, because your organisation is benefiting from using our news resources. In return, we'll also give your team access to pro news tools and keep Scoop free for personal use, because public access to news is important!

Go to Scoop Pro Find out more

Find more from Symantec on InfoPages.

Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH

Business Canterbury: Urges Council To Cut Costs, Not Ambition For City

The Business Canterbury submission addresses concerns over a 'rates hump' and the need for the Council to maintain affordability while managing cost pressures.

Wellington Airport: On Track For Net Zero Emissions By 2028

This progress is a highlight of the airport’s annual Kaitiakitanga report released today, outlining efforts to support the environment, people and communities.

Landcare Research: ANZAC Gall Fly Release Promises Natural Solution To Weed Threat

A Kiwi-Australian collaboration with a difference is underway this ANZAC Day week on Bikini Atoll in the Marshall Islands. The Chief of Quarantine in the Marshall Islands, Ms Silver Wase, says chromolaena was identified as a top priority for the Marshall Islands at a stakeholder workshop held in the country in December 2022.

NZ Anti-Vivisection Society: Auckland Rat Lovers Unite!

On World Day for Animals in Labs, NZAVS is launching a new program to rehome rats bred or used for science with the University of Auckland.

University of Canterbury: $1.35 Million Grant To Study Lion-like Jumping Spiders

A University of Canterbury animal behaviour expert is part of a global team launching pioneering research into the predatory behaviour of jumping spiders.

Federated Farmers: Government Ends War On Farming

Today’s changes to unworkable and expensive regulations mark the end of the war on farming, says Federated Farmers freshwater spokesperson Colin Hurst. "These impractical rules have been a complete nightmare since the day they were introduced and farmers will be pleased to see the back of them," Hurst says.

Join Scoop Pro

Submit News

Become a Member