
VIRUS ALERT: Bugbear

 
10-01-02, 08:16 PM  #1
Static911
Thread Starter
 
Join Date: Jun 2001
Location: Texas
Posts: 1,826

Taken from Anandtech:

http://www.sarc.com/avcenter/venc/[email protected]

http://vil.mcafee.com/dispVirus.asp?virus_k=99728

Name: W32/Bugbear-A
Aliases: Tanat, Tanatos
Type: Win32 worm
Date: 30 September 2002


This worm emails itself to addresses found on the local system. Possible message subject lines include the following (however, other random subject lines are also possible):

Found
150 FREE Bonus!
25 merchants and rising
Announcement
bad news
CALL FOR INFORMATION!
click on this!
Correction of errors
Cows
Daily Email Reminder
empty account
fantastic
free shipping!
Get 8 FREE issues - no risk!
Get a FREE gift!
Greets!
Hello!
history screen
hotmail.
I need help about script
Interesting
Introduction
its easy
Just a reminder
Lost
Market Update Report
Membership Confirmation
My eBay ads
New bonus in your cash account
New Contests
new reading
News
Payment notices
Please Help
Report
SCAM alert
Sponsors needed
Stats
Today Only
Tools For Your Online Business
update
various
Warning!
Your Gift
Your News Alert

The message body and attachment name vary. It is common for the attachment name to contain a double extension (i.e. .doc.pif). Outgoing messages look to make use of the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2).


Indications Of Infection:

Port 36974 open (verify through netstat -an)

Existence of the following files (* represents any character):

%WinDir%\System\%random filename%.EXE (50,688 bytes)
%WinDir%\System\%random filename%.DLL
%WinDir%\System\%random filename%.DLL
%WinDir%\System\%random filename%.DLL

----------

Ethan

Last edited by Static911; 10-01-02 at 08:34 PM.
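
Added example, not part of the original post or the advisory it quotes: a small Python check for the two indicators the alert describes, a local listener on port 36974 in `netstat -an` output and attachment names with a double extension. The sample netstat text is constructed, and the TCP/LISTENING reading of "port open" and the extension list beyond `.pif` are assumptions.

```python
BUGBEAR_PORT = 36974  # port number as given in the alert above

# Assumption: second extensions treated as executable; the alert only names .pif
EXECUTABLE_EXTS = {"pif", "exe", "scr"}

# Constructed sample of Windows `netstat -an` output (not from a real host)
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:36974          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1036      192.168.1.20:36974     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def listening_on(netstat_output, port=BUGBEAR_PORT):
    """Return the netstat lines where this host itself listens on `port`."""
    hits = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Expected columns: Proto, Local Address, Foreign Address, State
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        local, state = fields[1], fields[3]
        # Match the local port only; a remote port of the same number
        # (third sample row) is an outbound connection, not a local listener.
        if state.upper() == "LISTENING" and local.rsplit(":", 1)[-1] == str(port):
            hits.append(line.strip())
    return hits


def has_double_extension(filename):
    """True for names like 'report.doc.pif': any extension, then an executable one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] != "" and parts[2] in EXECUTABLE_EXTS


if __name__ == "__main__":
    for hit in listening_on(SAMPLE_NETSTAT):
        print("local listener on alert port:", hit)
    for name in ("report.doc.pif", "setup.exe", "notes.v2.txt"):
        print(name, "->", has_double_extension(name))
```

On a real machine, pass the captured output of `netstat -an` to `listening_on` instead of the sample text.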
10-01-02, 08:22 PM  #2
Richie
Lexus Fanatic
 
 
Join Date: May 2001
Location: Netherlands
Posts: 19,103

Thanks for keeping us updated!!