Security Response: W32.Bugbear.B@mm - SEVERE

Symantec Security Response: W32.Bugbear.B@mm - Level 4 - Severe

W32.Bugbear.B@mm is a variant of W32.Bugbear@mm (originally discovered and named in the Sydney Symantec Security Response Centre in October 2002) and appears to be spreading quickly.

W32.Bugbear.B@mm can be categorised as a blended threat. It is a mass-mailing worm and can also spread through network shares. The worm is polymorphic and also infects a select list of executable files. It includes a Trojan that attempts to disable antivirus and firewall software so it can then attempt to steal the user's passwords and credit card details. It installs a keylogger on compromised systems to capture the user's keystrokes, which could expose usernames and passwords or other confidential information. It attempts to replicate to network printers when looking for network drives to infect. This can cause strange printouts from printers.

The worm uses the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. For further information visit: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp

Symantec Security Response has rated W32.Bugbear.B@mm a level 4 worm, on a scale of 1-5, with five being the most serious. To date Symantec has received a total of 800 submissions worldwide, with 60% of submissions from EMEA and 28% from the Americas. APAC accounts for 3% of the total submissions worldwide.

Symantec Security Response strongly encourages users to download the latest virus definitions via LiveUpdate or from the Symantec Security Website - http://securityresponse.symantec.com/avcenter/defs.download.html

The worm mass-mails itself to e-mail addresses found on the system. It searches for e-mail addresses in the current inbox and in files that have these extensions:


.mmf
.nch
.mbx
.eml
.tbb
.dbx
.ocs

The worm can reply to or forward an existing message, or create a new message with one of the following subject lines:

Hello!
update
hmm..
Payment notices
Just a reminder
Correction of errors
history screen
Announcement
various
Introduction
Interesting...
I need help about script!!!
Stats
Please Help...
Report
Membership Confirmation
Get a FREE gift!
Today Only
New Contests
Lost & Found
bad news
wow!
fantastic
click on this!
Market Update Report
empty account
My eBay ads
Cows
25 merchants and rising
CALL FOR INFORMATION!
new reading
Sponsors needed
SCAM alert!!!
Warning!
its easy
free shipping!
News
Daily Email Reminder
Tools For Your Online Business
New bonus in your cash account
Your Gift
Re:
$150 FREE Bonus!
Your News Alert
Hi!
Get 8 FREE issues - no risk!
Greets!


RECOMMENDATIONS

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server.

These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.

If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.

Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.

Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.

Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
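An added example (not Symantec's code) of the attachment-blocking recommendation above: a Python mail filter that flags the listed extensions, double extensions, and executable attachments declared with a media MIME type, the kind of incorrect MIME header the MS01-020 bulletin concerns. The function names, the media-type list and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Extensions named in the recommendation above.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}
# Assumption: media types a mail client may open inline without prompting.
INLINE_MEDIA_PREFIXES = ("audio/", "image/", "video/")

def final_extension(filename):
    """Last extension, lower-cased, ignoring trailing dots and spaces."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def scan_message(raw_bytes):
    """Return (filename, content_type, reasons) for each part to quarantine."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition, then Content-Type name=
        filename = None if part.is_multipart() else part.get_filename()
        if not filename or final_extension(filename) not in BLOCKED_EXTENSIONS:
            continue
        reasons = ["blocked-extension"]
        if filename.rstrip(". ").count(".") > 1:
            reasons.append("double-extension")
        ctype = part.get_content_type()
        if ctype.startswith(INLINE_MEDIA_PREFIXES):
            reasons.append("mime-type-mismatch")
        findings.append((filename, ctype, reasons))
    return findings

# Constructed sample message (not a captured worm e-mail).
SAMPLE = b"""\
Subject: Report
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: audio/x-wav; name="stats.doc.scr"

AAAA
--b1
Content-Type: application/pdf; name="notes.pdf"

JVBERg==
--b1--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

Matching on the final extension after stripping trailing dots and spaces keeps names such as `setup.exe.` from slipping past the filter.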

For additional information, refer to the Response write up located at

http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.html

© Scoop Media

 
 
 
 
 