Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Security Response: W32.Bugbear.B@mm - SEVERE

Symantec Security Response: W32.Bugbear.B@mm - Level 4 - Severe

W32.Bugbear.B@mm is a variant of W32.Bugbear@mm (originally discovered and named in the Sydney Symantec Security Response Centre in October 2002) and appears to be spreading quickly.

W32.Bugbear.B@mm can be categorised as a blended threat. It is a mass-mailing worm and can also spread through network shares. The worm is polymorphic and also infects a select list of executable files. It includes a Trojan that attempts to disable antivirus and firewall software so it can then attempt to steal the user's passwords and credit card details. It installs a keylogger on compromised systems to capture the user's key strokes which could expose usernames and passwords or other confidential information. It attempts to replicate to network printers when looking for network drives to infect. This can cause strange print outs from printers.

The worm uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. For further information visit: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS01-020.asp

Symantec Security Response has rated W32.Bugbear.B@mm a level 4 worm, on a scale of 1-5, with five being the most serious. To date Symantec has received a total of 800 submissions worldwide, with 60% of submissions in EMEA, and 28% of submissions in the Americas. APAC has been infected with 3% of the total submissions worldwide.

Symantec Security Response strongly encourages users to download the latest virus definitions via LiveUpdate or from the Symantec Security Website - http://securityresponse.symantec.com/avcenter/defs.download.html

The worm mass mails itself to e-mail addresses found on the system. It searches for e-mail addresses in the current inbox and in files that have these extensions.


.mmf
.nch
.mbx
.eml
.tbb
.dbx
.ocs

The worm can reply or forward an existing message or create a new message with one of the following subject line:

Hello!
update
hmm..
Payment notices
Just a reminder
Correction of errors
history screen
Announcement
various
Introduction
Interesting...
I need help about script!!!
Stats
Please Help...
Report
Membership Confirmation
Get a FREE gift!
Today Only
New Contests
Lost & Found
bad news
wow!
fantastic
click on this!
Market Update Report
empty account
My eBay ads
Cows
25 merchants and rising
CALL FOR INFORMATION!
new reading
Sponsors needed
SCAM alert!!!
Warning!
its easy
free shipping!
News
Daily Email Reminder
Tools For Your Online Business
New bonus in your cash account
Your Gift
Re:
$150 FREE Bonus!
Your News Alert
Hi!
Get 8 FREE issues - no risk!
Greets!


RECOMMENDATIONS

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server.

These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.

If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.

Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.

Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.

Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

For additional information, refer to the Response write up located at

http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.html

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Media Mega Merger: StuffMe Hearing Argues Over Moveable Feast

New Zealand's two largest news publishers are appealing against the Commerce Commission's rejection of the proposal to merge their operations. More>>

Elsewhere:


Approval: Northern Corridor Decision Released

The approval gives the green light to construction of the last link of Auckland’s Western Ring Route, providing an alternative route from South Auckland to the North Shore. More>>

ALSO:


Crown Accounts: $4.1 Billion Surplus

The New Zealand Government has achieved its third fiscal surplus in a row with the Crown accounts for the year ended 30 June 2017 showing an OBEGAL surplus of $4.1 billion, $2.2 billion stronger than last year, Finance Minister Steven Joyce says. More>>

ALSO:

Mycoplasma Bovis: One New Property Tests Positive

The newly identified property... was already under a Restricted Place notice under the Biosecurity Act. More>>

Accounting Scandal: Suspension Of Fuji Xerox From All-Of-Government Contract

General Manager of New Zealand Government Procurement John Ivil says, “FXNZ has been formally suspended from the Print Technology and Associated Services (PTAS) contract and terminated from the Office Supplies contract.” More>>