Saturday, June 14, 2003

W32.Bugbear.B@mm
The W32.Bugbear.B@mm worm is:
A variant of W32.Bugbear@mm.
A mass-mailing worm that also spreads through network shares.
Polymorphic and also infects a select list of executable files.
Possesses keystroke-logging and backdoor capabilities.
Attempts to terminate the processes of various antivirus and firewall programs.

The worm uses the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message.
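A mail-gateway check for this class of message, as an added example that is not part of the original post or of Symantec's write-up. It assumes, which this page does not state, that the incorrect header takes the form of a MIME part declaring an inline media type (audio, image, video, text) while its filename is executable; the extension list, function name and sample messages are constructed for illustration.

```python
import email
from email import policy

# Assumption: extensions Windows treats as directly executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Assumption: main types a mail client may render or play inline.
INLINE_MAIN_TYPES = {"audio", "image", "video", "text"}


def suspicious_parts(raw_message: bytes):
    """Return (content_type, filename) for every part whose declared
    type is an inline media type but whose filename is executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        filename = part.get_filename()
        if not filename:
            continue
        name = filename.strip().lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in INLINE_MAIN_TYPES:
            findings.append((part.get_content_type(), filename))
    return findings


# Constructed sample: declared as audio, named as an executable.
SAMPLE_MISMATCH = (
    b"From: sender@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\nhello\r\n"
    b"--b1\r\n"
    b'Content-Type: audio/x-wav; name="notes.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)
# Constructed sample: same message with a consistent type and name.
SAMPLE_CONSISTENT = SAMPLE_MISMATCH.replace(b"notes.exe", b"notes.wav")

if __name__ == "__main__":
    print(suspicious_parts(SAMPLE_MISMATCH))
```

The check flags only the type/filename mismatch; an attachment honestly declared as an executable is a separate gateway policy decision.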

In addition, the worm contains routines that specifically affect financial institutions. This functionality will cause the worm to send sensitive data to one of ten hard-coded public Internet e-mail addresses. The information sent includes cached passwords and key-logging data.

Because the worm does not properly handle the network resource types, it may flood shared printer resources, which causes them to print garbage or disrupt their normal functionality.

NOTE: If you believe your computer may already be infected with W32.Bugbear.B@mm because your antivirus software does not work, scan your system over the Internet with Symantec Security Check.

Symantec Security Response has created a tool to remove W32.Bugbear.B@mm, which is the easiest way to remove this threat: http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.removal.tool.html

The worm can reply or forward an existing message or create a new message with one of the following subject lines:
Hello! update hmm.. Payment notices Just a reminder Correction of errors
history screen Announcement various Introduction Interesting...
I need help about script!!! Stats Please Help... Report Membership Confirmation
Get a FREE gift! Today Only New Contests Lost & Found bad news wow! fantastic
click on this! Market Update Report empty account My eBay ads Cows
25 merchants and rising CALL FOR INFORMATION! new reading Sponsors needed
SCAM alert!!! Warning! its easy free shipping! News Daily Email Reminder
Tools For Your Online Business New bonus in your cash account Your Gift
Re: $150 FREE Bonus! Your News Alert Hi! Get 8 FREE issues - no risk!
Greets!
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.html
