Virus Alert! BugBear worm installs 'key logger'!

Virus Alert! BugBear worm installs 'key logger'!

This question was answered on October 7, 2002. Much of the information contained herein may have changed since posting.

---

A recently discovered mass-mailing worm labeled "W32.Bugbear@mm" is spreading rapidly In addition to sending itself via e-mail, it can also spread through network shares

It incorporates keystroke-logging and backdoor capabilities and attempts to disarm, disable or destroy most commercial anti-virus programs.

One of the visible symptoms of this worm is strange printer activity, including the printing of garbage or disrupted functionality.

The subject line can be a forward or reply of a real message or a variable of one of the following:

Greets!

Get 8 FREE issues - no risk!

Hi!

Your News Alert

$150 FREE Bonus!

Re:

Your Gift

New bonus in your cash account

Tools For Your Online Business

Daily Email Reminder

News

free shipping!

its easy

Warning!

SCAM alert!!!

Sponsors needed

new reading

CALL FOR INFORMATION!

25 merchants and rising

Cows

My eBay ads

empty account

Market Update Report

click on this!

fantastic

wow!

bad news

Lost & Found

New Contests

Today Only

Get a FREE gift!

Membership Confirmation

Report

Please Help...

Stats

I need help about script!!!

Interesting...

Introduction

various

Announcement

history screen

Correction of errors

Just a reminder

Payment notices

hmm..

update

Hello!

This worm is capable of altering its attack based on the operating system of the victim, which is helping it to spread quickly.

As always, don't open ANY file attachments in e-mail, especially from people you know as they are the most likely sender of the worm.

If you have not had a prior discussion about an attachment or there is not very specific information as to the contents of an attachment in the accompanying message, do not open the file.

If you are going to be sending file attachments in e-mail, be sure to be very specific about the file in the message as a courtesy to the recipient.

Most major anti-virus companies have posted updates on their web site to protect against this latest strain, so if you have not updated your anti-virus software in the last week or so, it would be a good idea to do so...

To make sure have all of the curren critical updates from Microsoft, go to:

www.windowsupdate.com

If you become infected with BugBear, Symantec has posted a removal tool at:

<a href="http://sarc.com/avcenter/venc/data/[email protected] " target="_blank">>http://sarc.com/avcenter/venc/data/w32.bugbear@mm.removal.tool.html

</a>

About the author

Posted by Ken Colburn of Data Doctors on October 7, 2002

Need Help with this Issue?

We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!