
W32.Bugbear.B@mm

Risk Level 2: Low

Discovered:
June 4, 2003
Updated:
February 13, 2007 12:02:04 PM
Also Known As:
Win32.Bugbear.B [Computer Asso, W32/Bugbear.b@MM [McAfee], PE_BUGBEAR.B [Trend], W32/Bugbear-B [Sophos], I-Worm.Tanatos.b [Kaspersky], W32/Bugbear.B [Panda], Win32/Bugbear.B@mm [RAV]
Type:
Worm, Virus
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References:
CVE-2001-0154


The W32.Bugbear.B@mm worm:
  • Is a variant of W32.Bugbear@mm.
  • Is a mass-mailing worm that also spreads through network shares.
  • Is polymorphic and also infects a select list of executable files.
  • Possesses keystroke-logging and backdoor capabilities.
  • Attempts to terminate the processes of various antivirus and firewall programs.

The worm uses the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability to cause unpatched systems to auto-execute the worm when an infected message is read or previewed.

In addition, the worm contains routines that specifically affect financial institutions. This functionality will cause the worm to send sensitive data to one of 10 hard-coded, public Internet e-mail addresses. The sent information includes cached passwords and key-logging data.

Because the worm does not properly handle network resource types, it may flood shared printer resources, causing them to print garbage or disrupting their normal functionality.
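
A mail-gateway check related to the incorrect MIME header vulnerability described above: flag attachments whose declared Content-Type is an inline media type while the filename ends in an executable extension. This is an added example, not Symantec's detection logic; the extension list, the set of inline media types, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumption (not from the page): extensions the gateway treats as executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Assumption: top-level MIME types a mail client may render or play inline.
INLINE_MAIN_TYPES = {"audio", "image", "video", "text"}

# Constructed sample message, not a captured worm e-mail.
SAMPLE = """\
From: a@example.test
To: b@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

hello
--B
Content-Type: audio/x-wav; name="setup.doc.scr"
Content-Transfer-Encoding: base64

AAAA
--B
Content-Type: application/pdf; name="invoice.pdf"
Content-Transfer-Encoding: base64

AAAA
--B--
"""


def suspicious_parts(raw):
    """Return (filename, declared_type) for each part that declares inline
    media but whose filename ends in an executable extension."""
    hits = []
    for part in message_from_string(raw).walk():
        # get_filename() reads Content-Disposition, then Content-Type "name".
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them first.
        name = name.strip().rstrip(". ")
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in INLINE_MAIN_TYPES:
            hits.append((name, part.get_content_type()))
    return hits


if __name__ == "__main__":
    print(suspicious_parts(SAMPLE))
```
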

NOTES:

Security Response has received many submissions of corrupted W32.Bugbear.B@mm samples. A specific detection for this type of infected file has been added as W32.Bugbear.B.Dam. This detection is available in virus definitions dated June 6, 2003. Be sure to delete the files detected as W32.Bugbear.B.Dam.

Antivirus Protection Dates

  • Initial Rapid Release version June 5, 2003
  • Latest Rapid Release version February 9, 2015 revision 038
  • Initial Daily Certified version June 5, 2003
  • Latest Daily Certified version February 10, 2015 revision 003
  • Initial Weekly Certified release date June 5, 2003
Writeup By: Eric Chien
