Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91867 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Bugbear B


  • Please log in to reply
2 replies to this topic

#1 gracesaved

gracesaved

    New Member

  • Authentic Member
  • Pip
  • 15 posts

Posted 09 June 2003 - 08:42 AM

New version of Bugbear mauling users

Paul Roberts, IDG News Service\Boston Bureau
June 05, 2003, 08:50

A new version of the Bugbear virus is spreading quickly on the Internet, according to alerts posted by leading antivirus companies.

The new variant, called Bugbear.B, was first detected on Thursday and shares many of the same characteristics as the first Bugbear virus, which appeared in September, 2002 and was also known as "Tanatos," according to Helsinki, Finland-based antivirus company F-Secure Corp. [See "Bugbear virus spreading rapidly," Oct. 2]

At least one antivirus company, Network Associates Inc., upgraded its rating on the new virus to "high," the first virus since Slammer to achieve that rating, according to a spokeswoman for Network Associates' McAfee business unit.

Like the first Bugbear virus, the Bugbear.B is an e-mail worm, which spreads by sending copies of itself out as attachments in e-mail messages.

Like its predecessor, Bugbear.B attempts to exploit known vulnerabilities in Microsoft Corp.'s Outlook, Outlook Express and Internet Explorer products that enable attachments to be automatically opened when the e-mail containing them is opened, according to antivirus company Sophos PLC.

Also like the first Bugbear, Bugbear.B is a messy virus that makes a number of modifications to the systems it infects while dropping copies of programs that can snoop on a user's activity, infecting common Windows applications and opening a back door that could be used by hackers, according to Sophos.

Bugbear.B is also capable of detecting and shutting down antivirus programs that it finds running on the systems it infects, Sophos said.

The Bugbear.B virus arrives in e-mail messages with a variety of subjects such as "Your news Alert," "Your Gift," "click on this!" and "cows."

In addition to pulling subjects from a list it maintains internally, the virus randomly excerpts content from files on the hard drives of computers it infects and uses that information to supply the subject line for messages carrying the virus, according to David Emm, marketing manager for McAfee AVERT.

Like the subject line, the e-mail attachment containing the virus code also uses a variety of names chosen from a list maintained by the worm or grabbed from files on the infected host computer.

Attachments use a variety of file extensions including ".exe," ".scr" and ".pif," and names such as "readme," "setup," "photo," and "news," according to F-Secure.

Bugbear.B also contains address spoofing features that enables it to pull e-mail addresses skimmed from files on the infected computer and insert them in the "From" line of the e-mails it sends out, Emm said.

Recipients might be tricked into opening the message from a trusted source, and can also be fooled into thinking that the sender's machine has been infected with Bugbear.B, when another machine is really the source, he said.

Unlike the first Bugbear virus, however, the new variant is "polymorphic," meaning that it is capable of subtly changing the way the virus code is encrypted to fool antivirus software, he said.

"There's a potential danger with polymorphic viruses that if you don't construct your virus detector properly, you could miss some samples," he said.

McAfee AVERT first detected the new Bugbear variant on Wednesday, upgrading it to a "Medium" risk and then to a "High" risk on Thursday and the number of reported infections mounted.

Other antivirus companies, including Symantec Corp. and F-Secure continued to rate Bugbear.B as a moderate risk early Thursday.

The sheer number of actions taken by the virus after it infects machines, including its ability to squelch antivirus software, install a backdoor on machines and infect common application executable files, which then reinfect machines when they are opened, makes disinfecting machines hit with the virus more complex than with previous viruses, Emm said.

Antivirus companies recommended that customers update their antivirus software to protect against Bugbear.B. Instructions and tools for removing the virus from infected machine were also provided by leading antivirus vendors.

From: http://www.idg.net/i...716_1-5046.html


††Powered by God††

    Advertisements

Register to Remove


#2 Zero

Zero

    Not really Less Than One ;-)

  • Authentic Member
  • PipPipPip
  • 268 posts
  • Interests:Long walks on the beach.

Posted 10 June 2003 - 02:20 PM

FYI, http://tomcoyote.org...ct=ST&f=26&t=26

Thanks for more info though :)
Posted Image

#3 fred

fred

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 26 June 2003 - 10:56 AM

McAfee Stinger detects and removes both Bugbear variants. For free!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users