Wayne N. Kawamoto
Managing Editor, www.smallbusinesscomputing.com
AVERT (Anti-Virus Emergency Response Team), a division of Network Associates, assigned a medium risk assessment to the recently discovered W32/Bugbear@MM, also known as Bugbear. According to the organization, Bugbear is a destructive mass-mailing worm that spreads via network shares and by emailing itself to the user’s local address book. It also contains a backdoor Trojan component that contains keylogging functionality. It was first reported to McAfee AVERT UK research Lab Monday morning, and has been found in numerous countries including the United States, England and India.
Symptoms
Bugbear is an Internet worm that, once activated, emails itself to addresses found in the user’s address book on the local system. When run on the victim’s machine, Bugbear copies itself into the Windows system directory under a random file name with the extension .EXE. A registry key under the Local Machine hive is set so that the worm is run again at the next system startup. The worm also copies itself to the Startup folder on the victim’s machine as ***.EXE, where “***” is a random file name. Because Bugbear uses numerous subject lines, users should immediately delete email with any of the following subjects:
Subject:
- Found
- Daily Email Reminder
- Just a reminder
- Lost
- Market Update Report
- Membership Confirmation
- Your News Alert
Body of email:
The message body and attachment name vary. The attachment name commonly carries a double extension, such as doc.pif. Outgoing messages exploit the incorrect MIME header vulnerability in Microsoft Internet Explorer, which can cause IE 5.01 or 5.5 without SP2 to execute the email attachment.
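The two mail-side indicators above (the fixed subject list and the double-extension attachment name) are simple enough to check at a mail gateway or in a mailbox export. The following Python is an added example, not code from the article or from AVERT; the subject list comes from the page, while the sets of executable and document extensions and the sample messages are constructed assumptions for the example.

```python
from __future__ import annotations

# Subject lines the advisory lists for Bugbear (taken from the page).
BUGBEAR_SUBJECTS = {
    "found",
    "daily email reminder",
    "just a reminder",
    "lost",
    "market update report",
    "membership confirmation",
    "your news alert",
}

# Final extensions Windows treats as executable. The page only names .pif;
# the rest of this set is an assumption added for the example.
EXECUTABLE_EXTENSIONS = {"pif", "exe", "scr", "com", "bat", "vbs"}

# Harmless-looking extensions used as the "first" extension of a disguised
# name (e.g. doc.pif, holiday.jpg.exe). Also an assumption for the example.
DOCUMENT_EXTENSIONS = {"doc", "txt", "jpg", "gif", "xls", "htm", "html", "zip"}


def has_double_extension(attachment_name: str) -> bool:
    """True when the name ends in <document ext>.<executable ext>."""
    parts = attachment_name.strip().lower().split(".")
    return (
        len(parts) >= 2
        and parts[-1] in EXECUTABLE_EXTENSIONS
        and parts[-2] in DOCUMENT_EXTENSIONS
    )


def triage_message(subject: str, attachments: list[str]) -> list[str]:
    """Return the reasons a message looks like a Bugbear carrier (empty = clean)."""
    reasons = []
    if subject.strip().lower() in BUGBEAR_SUBJECTS:
        reasons.append(f"subject matches advisory list: {subject.strip()!r}")
    for name in attachments:
        if has_double_extension(name):
            reasons.append(f"double-extension executable attachment: {name!r}")
    return reasons


# Constructed sample messages (not captured mail) to exercise the triage.
SAMPLE_MESSAGES = [
    {"subject": "Market Update Report", "attachments": ["doc.pif"]},
    {"subject": "Re: lunch", "attachments": ["agenda.doc"]},
    {"subject": "Just a reminder", "attachments": []},
    {"subject": "Photos", "attachments": ["holiday.jpg.exe"]},
]


def triage_all(messages=SAMPLE_MESSAGES) -> dict[str, list[str]]:
    """Map each subject to its findings; anything non-empty is a quarantine candidate."""
    return {m["subject"]: triage_message(m["subject"], m["attachments"]) for m in messages}


if __name__ == "__main__":
    for subject, reasons in triage_all().items():
        verdict = "QUARANTINE" if reasons else "ok"
        print(f"{verdict:10} {subject!r} {'; '.join(reasons)}")
```

The subject match is exact (after trimming and lower-casing) because the advisory gives fixed strings; the attachment check deliberately ignores a plain `setup.exe`, since the indicator on the page is the disguised double extension, not every executable attachment.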
Trojan component
Bugbear opens port 36794 on the victim machine and searches for various running processes, stopping any it finds. The list of processes includes many popular anti-virus and personal firewall products. It also drops a keylogger-related DLL on the victim machine, detected as PWS-Hooker.dll.
Once Bugbear infects a computer system, it will attempt to terminate the processes of the system’s security programs.
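Two host-side symptoms from the Trojan component section lend themselves to a quick check on a suspect machine: a new listener on port 36794, and security products that should be running but have been terminated. The Python below is an added example, not code from the article or from AVERT. The port number comes from the page; TCP is assumed for the netstat parsing, and the expected security process names, the netstat text and the process list are constructed samples, not real output.

```python
from __future__ import annotations

import re

# Backdoor port given in the advisory.
BACKDOOR_PORT = 36794

# Security products an administrator expects to see running on this host.
# These names are assumptions for the example, not a list from the page.
EXPECTED_SECURITY_PROCESSES = {"avguard.exe", "fwservice.exe"}

# Constructed `netstat -an`-style output for a host with the backdoor listener.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:36794          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1043        198.51.100.7:80        ESTABLISHED
"""

# Constructed process listing: the firewall service is missing.
SAMPLE_PROCESSES = ["explorer.exe", "avguard.exe", "winlogon.exe"]

# TCP is assumed here; the page names only the port number.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.IGNORECASE)


def listening_ports(netstat_output: str) -> set[int]:
    """Parse the local ports in LISTENING state from netstat-style text."""
    ports = set()
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            ports.add(int(m.group(1)))
    return ports


def missing_security_processes(
    running: list[str], expected: set[str] = EXPECTED_SECURITY_PROCESSES
) -> set[str]:
    """Expected security processes that are not running (case-insensitive)."""
    seen = {p.lower() for p in running}
    return {p for p in expected if p.lower() not in seen}


def host_findings(netstat_output: str, running: list[str]) -> list[str]:
    """Combine both checks into a list of human-readable findings."""
    findings = []
    if BACKDOOR_PORT in listening_ports(netstat_output):
        findings.append(f"port {BACKDOOR_PORT} is listening (Bugbear backdoor port)")
    for proc in sorted(missing_security_processes(running)):
        findings.append(f"expected security process not running: {proc}")
    return findings


if __name__ == "__main__":
    for finding in host_findings(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print("FINDING:", finding)
```

A missing security process is the weaker of the two signals (a product can be stopped for many reasons), so it is reported alongside the port check rather than on its own; the port listener is the indicator worth acting on immediately.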