Windows users beware! A very dangerous virus/worm (Bugbear.b) is on the loose!

New variant of Bugbear worm is on the rampage and will stop at nothing to infect your PC.

This question was answered on June 6, 2003. Much of the information contained herein may have changed since posting.

---

<font size="2"> A very dangerous worm coined Bugbear.b is spreading quickly and has a very dangerous payload This worm will attack antivirus programs and firewall security programs and render them useless, install a key logger, which records every keystoke and sends to log to another machine, and installs a 'backdoor' program that will allow outside users complete access to the infected system.</font>

<font size="2"> The reason it is spreading so quickly is that it can actually infect users that simply read a message that has an infected attachment Anyone using Outlook or Outlook Express that has the 'preview pane' open, (which allows you to preview the message before you open it) can be attacked by simply clicking on the message.</font>

<font size="3">DATA DOCTORS RECOMMENDS THAT ALL USERS OF OUTLOOK AND OUTLOOK EXPRESS, DISABLE THE PREVIEW PANE UNTIL THEY ARE SURE THAT THEY HAVE ALL OF THE CURRENT WINDOWS AND ANTIVIRUS UPDATES.</font>

<font size="2">To disable the preview pane in Outlook Express, click on View, then Layout and remove the checkmark in front of 'Show preview pane'.</font>

<font size="2"> To disable the preview pane in Outlook, simply click on View, then 'Preview pane'.</font>

<font size="2">According to the Symantec AntiVirus Research Center (parent of Norton AntiVirus software) W32.Bugbear.B@mm is a Category 4 mass-mailing, polymorphic (changes itself every time it propagates) worm that also spreads through network shares This worm infects a select list of executable files, has keystroke-logging and backdoor capabilities and will attempt to terminate the processes of various antivirus and firewall programs.</font>

<font size="2"> The worm takes advantage of a vulnerability in Internet Explorer that can cause unpatched systems to auto-execute the worm when reading or previewing an infected message.</font>

<font size="2"> To patch your system with any known vulnerabilties (free), visit <a href="http://www.windowsupdate.com" target="_blank">www.windowsupdate.com </font></a> to check to see which patches your system needs.</font>

<font size="2"> Also, update your antivirus program immediately so that it can also fend off attacks from this worm...</font>

<font size="2"> Once you have performed these steps, it is safe to turn the 'Preview Pane' back on.</font>

<font size="2"> Because the worm does not properly handle the network resource types, it may also flood shared printer resources, which causes them to print garbage or disrupt their normal functionality </font>

About the author

Posted by Michal of Data Doctors on June 6, 2003

Need Help with this Issue?

We help people with technology! It's what we do.
Contact or Schedule an Appointment with a location for help!