Symantec WARNS of a computer worm: W32.Bugbear@mm

SINGAPORE -- October 1, 2002 --

Date	October 01, 2002
Name	W32.Bugbear@mm (discovered Sept 30, 2002) aliases: W32/Bugbear-A [Sophos], WORM_BUGBEAR.A [Trend], Win32.Bugbear [CA], W32/Bugbear@MM [McAfee],  I-Worm.Tanatos [AVP], W32/Bugbear [Panda], Tanatos  [F-Secure]
Threat Assessment	Level 3 (moderate)
Description	W32.Bugbear@mm is a mass-mailing worm and can also spread through network shares. It includes a Trojan that attempts to disable antivirus and firewall software so it can then attempt to steal the user's passwords and credit card details. It installs a keylogger  on  compromised systems to capture the user's key strokes which could expose usernames and passwords or other confidential information. Large-scale emailing: Attempts to mass-mail to addresses harvested from a compromised host using it's own SMTP engine. Compromises security settings: May allow unauthorized access to compromised machines. Attempts to terminate processes of various antivirus and firewall programs. Subject of email : Variable Name of attachment : Variable, with double extension ending in .exe, .scr, or .pif Size of attachment : 50,688 bytes Ports : 36794 Shared drives : Attempts to connect to available network resources Both the subject of the email and the name of the attachment are variable but the size of the attachment is always 50,688 bytes. The worm's email message uses one of the following subjects: Greets! Get 8 FREE issues - no risk! Hi! Your News Alert $150 FREE Bonus! Re: Your Gift New bonus in your cash account Tools For Your Online Business Daily Email Reminder News free shipping! its easy Warning! SCAM alert!!! Sponsors needed new reading CALL FOR INFORMATION! 25 merchants and rising Cows My eBay ads empty account Market Update Report click on this! fantastic wow! bad news Lost & Found New Contests Today Only Get a FREE gift! Membership Confirmation Report Please Help... Stats I need help about script!!! Interesting... Introduction various Announcement history screen Correction of errors Just a reminder Payment notices hmm.. update Hello! All versions of Windows are vulnerable to this worm but users of Macintosh, Unix and Linux are not.
Definitions From Symantec	Available. Symantec virus definitions dated 9/30/02, available via LiveUpdate, will detect this threat. To update definition and for more information please visit: http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html
Symantec Security Response	Symantec Security Response is one of the industry’s largest dedicated team of virus experts. With offices located in the United States, Japan, Australia and the Netherlands, the sun never sets on Symantec Security Response. The centre’s mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats and educate the public on safe computing practices. As new computer viruses appear, Symantec Security Response develops identification and detection for these viruses and provides either a repair or delete operation, thus keeping users protected against the latest virus threats. For more information please visit: http://securityresponse.symantec.com.
Symantec	Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world.  Symantec’s Norton brand of consumer security products is a leader in worldwide retail sales and industry awards.  Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries.  For more information, please visit www.symantec.com.sg