W32.Bugbros@mm

Discovered: January 05, 2004
Updated: January 05, 2004 8:36:17 PM
Systems Affected: Windows

W32.Bugbros@mm is a mass-mailing worm that propagates by sending itself to all of the contacts in the compromised user's Outlook address book.

The worm arrives attached to an email with the following properties:

From: support@microsoft.com
Subject: LiveUpdate Informations
Message:
Hi,
I have send you the needed informations for the new worm-backdoor discovered.
The Backdoor is called W32.Bug.Gear.A
You can run the attachment to avoide getting hacked by closing the backdoor.

bye

Attachment: <varies>

When the attachment is executed, the worm copies itself to the folder C:\windows\system32

The worm may display the following error message on Windows 2000/NT systems:

"Run-time error '76':
Path not found"

The following registry entries are created to hook system startup:

HKEY_LOCAL_MACHINE\SoftWare\Microsoft\Windows\CurrentVersion\Run\"G00123"="C:\windows\system32\<the worm file>"

HKEY_LOCAL_MACHINE\SoftWare\Microsoft\Windows\CurrentVersion\RunService\"Services004"="C:\windows\system32\<the worm file>"

Finally, the worm uses Microsoft Outlook to send itself to all the contacts in the Outlook address book.
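
A check for the two startup registry entries listed above, as an added example that is not part of the original write-up: it scans the text of a `reg export` dump for the value names G00123 and Services004 and notes whether the data points into C:\windows\system32. The function names, the sample dump and the file name example.exe are constructed for illustration, and matching the RunServices spelling of the key is an added assumption.

```python
import re

# Value names come from the write-up above. The write-up spells the second key
# "RunService"; "RunServices" (the standard Windows autostart key) is added as
# an assumption so a one-letter difference does not hide a hit.
RUN = r"software\microsoft\windows\currentversion\run"
INDICATORS = {
    (RUN, "g00123"),
    (RUN + "service", "services004"),
    (RUN + "services", "services004"),  # assumption, not from the write-up
}
DROP_DIR = "c:\\windows\\system32\\"

KEY_RE = re.compile(r"^\[(?:HKEY_LOCAL_MACHINE|HKLM)\\(.+)\]$", re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    """Undo .reg string escaping (doubled backslashes, escaped quotes)."""
    return re.sub(r"\\(.)", r"\1", text)

def find_bugbros_persistence(reg_text):
    """Return (key, value name, data, data_in_system32) for each matching entry."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            key = m.group(1) if m else None  # ignore keys outside HKLM
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if (key.lower(), name.lower()) in INDICATORS:
            hits.append((key, name, data, data.lower().startswith(DROP_DIR)))
    return hits

# Constructed sample in `reg export` text form; "example.exe" is a placeholder
# because the write-up does not give the worm's file name.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"G00123"="C:\\windows\\system32\\example.exe"
"Updater"="C:\\Program Files\\Vendor\\tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService]
"Services004"="C:\\windows\\system32\\example.exe"
'''
```

Files written by `reg export` are UTF-16, so decode them before passing the text to `find_bugbros_persistence`.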