The W32.Bugbear.B@mm worm:
- Is a variant of W32.Bugbear@mm.
- Is a mass-mailing worm that also spreads through network shares.
- Is polymorphic and also infects a select list of executable files.
- Possesses keystroke-logging and backdoor capabilities.
- Attempts to terminate the processes of various antivirus and firewall programs.
The worm uses the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message.
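A mail-gateway check for the kind of header mismatch this vulnerability relies on, as an added example that is not part of the original advisory. The extension and media-type lists, the function name `mismatched_parts` and the sample message are assumptions constructed for illustration.

```python
import email
import os
from email import policy

# Assumed lists for illustration (not from the advisory); tune to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
PASSIVE_MAINTYPES = {"audio", "image", "video", "text"}

def mismatched_parts(raw_message: bytes):
    """Return (filename, declared_type) for every MIME part that declares a
    passive media type but carries a filename with an executable extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # get_filename() checks Content-Disposition "filename", then Content-Type "name".
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before taking
        # the extension; splitext keeps only the last one (a.doc.scr -> .scr).
        ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in PASSIVE_MAINTYPES:
            findings.append((name, part.get_content_type()))
    return findings

# Constructed sample message: harmless placeholder payloads, headers only matter.
SAMPLE = b"""\
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: image/png; name="logo.png"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--BOUND
Content-Type: audio/x-wav; name="notes.doc.scr"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--BOUND--
"""

if __name__ == "__main__":
    for name, ctype in mismatched_parts(SAMPLE):
        print(f"quarantine: {name!r} declared as {ctype}")
```

An executable that is honestly declared (for example as `application/octet-stream`) is not reported by this check; blocking those is a separate attachment policy.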
In addition, the worm contains routines that specifically affect financial institutions. This functionality will cause the worm to send sensitive data to one of 10 hard-coded, public Internet e-mail addresses. The sent information includes cached passwords and key-logging data.
Because the worm does not properly handle the network resource types, it may flood shared printer resources, which causes them to print garbage or disrupt their normal functionality.
Security Response has received many submissions of corrupted W32.Bugbear.B@mm samples. A specific detection for this type of infected file has been added as W32.Bugbear.B.Dam. This detection is available in virus definitions dated June 6, 2003. Be sure to delete the files detected as W32.Bugbear.B.Dam.