
 


BUGBEAR VARIANT SPREADS IN THE WILD

Virus Name  : W32.Bugbear.B@mm

Alias             : I-Worm.Bugbear.B, W32/Bugbear-B, WORM_BUGBEAR.B, Tanatos.b

Virus type    : Internet worm

Threat level : Medium

Virus details :

                     Bugbear.b is a new variant of the Bugbear worm. It uses e-mail addresses stored in the Windows address book, together with network shares, to spread. It collects addresses from .dbx, .mbx, .eml, and .ocs files to distribute infected messages. The worm randomly chooses the message body and subject. This variant also infects local files on the hard disk. Solo antivirus can detect and clean the infected files safely.

                     Bugbear.b uses the IFRAME vulnerability to infect Windows-based systems. When the user views the e-mail, the embedded code is executed automatically and drops the virus. Microsoft released security patches to close this security hole. If you have not installed them, you can get a copy at http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

                     When the infected attachment is executed, it copies itself to the Startup folder so that it loads automatically on the next startup. It then searches for EXE files on the hard disk and infects the targeted applications in the Program Files folder and the Windows folder.

Bugbear.b will infect the following files in the Windows folder: 

notepad.exe
mplayer.exe
scandskw.exe
regedit.exe
hh.exe
winhelp.exe 

It will infect the following files in the Program Files folder: 

Internet Explorer\iexplore.exe
adobe\acrobat 5.0\reader\acrord32.exe
Windows Media Player\mplayer2.exe
Real\RealPlayer\realplay.exe
Outlook Express\msimn.exe
Far\Far.exe
CuteFTP\cutftp32.exe
Adobe\Acrobat 4.0\Reader\AcroRd32.exe
ACDSee32\ACDSee32.exe
MSN Messenger\msnmsgr.exe
WS_FTP\WS_FTP95.exe
QuickTime\QuickTimePlayer.exe
StreamCast\Morpheus\Morpheus.exe
Zone Labs\ZoneAlarm\ZoneAlarm.exe
Trillian\Trillian.exe
Lavasoft\Ad-aware 6\Ad-aware.exe
AIM95\aim.exe
Winamp\winamp.exe
DAP\DAP.exe
ICQ\Icq.exe
kazaa\kazaa.exe
winzip\winzip32.exe 
WinRAR\WinRAR.exe
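
Because the worm modifies a fixed set of executables, a hash baseline of those files shows when one of them has changed. The following is an added example, not part of the original advisory and not Solo's own code; the function names are hypothetical, the Program Files list is abbreviated, and it assumes the baseline was recorded on a known-clean system.

```python
import hashlib
import tempfile
from pathlib import Path, PureWindowsPath

# Targets from the advisory's lists (Program Files list abbreviated here).
TARGETS = {
    "windows": ["notepad.exe", "mplayer.exe", "scandskw.exe",
                "regedit.exe", "hh.exe", "winhelp.exe"],
    "program_files": [r"Internet Explorer\iexplore.exe",
                      r"Outlook Express\msimn.exe",
                      r"winzip\winzip32.exe"],
}

def sha256_of(path):
    """Hash a file in chunks so large executables are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(roots):
    """Map 'root:relative path' to SHA-256 for each listed file that exists."""
    result = {}
    for root_name, rel_paths in TARGETS.items():
        for rel in rel_paths:
            # Split on backslashes so the list also works on a non-Windows host.
            path = Path(roots[root_name]).joinpath(*PureWindowsPath(rel).parts)
            if path.is_file():
                result[f"{root_name}:{rel}"] = sha256_of(path)
    return result

def compare(baseline, current):
    """Return {file: 'modified' | 'missing'} relative to the clean baseline."""
    findings = {}
    for name, digest in baseline.items():
        if name not in current:
            findings[name] = "missing"
        elif current[name] != digest:
            findings[name] = "modified"
    return findings

if __name__ == "__main__":  # constructed demo: stand-in folder, one altered file
    with tempfile.TemporaryDirectory() as tmp:
        roots = {"windows": tmp, "program_files": tmp}
        Path(tmp, "notepad.exe").write_bytes(b"MZ constructed clean file")
        baseline = snapshot(roots)
        Path(tmp, "notepad.exe").write_bytes(b"MZ constructed clean file+extra")
        print(compare(baseline, snapshot(roots)))
```

A legitimate software update also changes these hashes, so a "modified" result is a reason to scan the file, not proof of infection.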

                     Bugbear uses its own SMTP to mail infected messages. It tries to terminate antivirus and security programs on the infected system. The Bugbear.b worm drops a key-logging component in the Windows system folder. The worm also has backdoor abilities, so the infected machine is vulnerable to hacker attacks.

                      The Bugbear.b worm contains a bulk list of bank domains. If an e-mail ID from a bank domain is found, the worm enables the auto-dial feature in the registry of the infected system. This can be used to steal passwords.

How can I protect my system?

                   Solo has incorporated W32.Bugbear.B@mm in its signature file to protect users from this worm attack. Registered users of Solo antivirus are already protected from this worm. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.

                   We recommend that all users install the latest version of Internet Explorer 6.0 to protect their systems from the IFRAME vulnerability and other security holes.

How to remove this worm?

                   If you are already infected with this worm, download and install the security patches for your Internet Explorer version from http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp. Then run Solo anti-virus to remove the worm components.

                   Solo antivirus can detect and remove W32.Bugbear.B@mm safely. Use the following link to download the 30-day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses; it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VB and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link