Discovered: September 30, 2002
Updated: February 13, 2007 11:40:35 AM
Also Known As: W32/Bugbear-A [Sophos], WORM_BUGBEAR.A [Trend], Win32.Bugbear [CA], W32/Bugbear@MM [McAfee], I-Worm.Tanatos [AVP], W32/Bugbear [Panda], Tanatos [F-Secure]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
NOTE: Due to a decreased rate of submissions, Symantec Security Response has downgraded this threat from a Category 3 to a Category 2 as of October 24, 2003.
W32.Bugbear@mm is a mass-mailing worm. It can also spread through network shares. It has keystroke-logging and backdoor capabilities. The worm also attempts to terminate the processes of various antivirus and firewall programs.
Because the worm does not properly handle the network resource types, it may flood shared printer resources, which causes them to print garbage or disrupt their normal functionality.
It is written in the Microsoft Visual C++ 6 programming language and is compressed with UPX v0.76.1-1.22.
Protection
-
Initial Rapid Release version September 30, 2002
-
Latest Rapid Release version June 25, 2009 revision 003
-
Initial Daily Certified version September 30, 2002
-
Latest Daily Certified version June 25, 2009 revision 007
-
Initial Weekly Certified release date September 30, 2002
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: More than 1000
-
Number of Sites: More than 10
-
Geographical Distribution: High
-
Threat Containment: Moderate
-
Removal: Moderate
Damage
Distribution
Writeup By: Yana Liu
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
