[JA] Bugbear

  • From: terumoth@xxxxxxxx
  • To: juno_accmail@xxxxxxxxxxxxx
  • Date: Mon, 7 Oct 2002 06:27:46 -0400

5) Bugged By Bugbear
 
A new email/web worm, "Bugbear," appeared last week, and at first seemed
to be a minor annoyance. But by late in the week, it had grown to be a
full-fledge pain in the posterior.
 
The worm tries to disable any software firewalls or anti-virus apps you
have running, copies itself onto your system using random and variable
file names, looks for any network connections it can exploit, and
attempts to reinfect others by network and by its own built-in SMTP
(email) engine, so you may never know the bad emails are going out to
your friends and colleagues. It's also a keystroke logger, and more.
 
According to the folks at Symantec, the worm can:
    Delete files.
    Terminate processes.
    List processes and deliver the list to the hacker.
    Copy files.
    Start processes.
    List files and deliver the list to the hacker.
    Deliver intercepted keystrokes to the hacker (in an encrypted
      form). This may release confidential information that typed on a
      computer (passwords, login details, and so on).
    Deliver the system information to the hacker in the following form:
       User: <user name>
       Processor: <type of processor used>
       Windows version: <Windows version, build number>
       Memory information: <Memory available, etc.>
       Local drives, their types (e.g., fixed/removable/RAM disk/CD-
         ROM/remote), and their physical characteristics
    List network resources and their types, and deliver the list to the
       hacker.
 
All the major antivirus makers have patches that catch and fix Bugbear,
but from the volume of infected emails I'm getting, way too many people
are running unprotected and have been infected.
 
Symantec has a free tool just for removing BugBear: See
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@xxxxx
moval.tool.html
and http://securityresponse.symantec.com/avcenter/FxBgbear.exe
 
More Info:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@xxxxx
ml
http://www.sophos.com/virusinfo/analyses/w32bugbeara.html
 
For general info on how to make your PC secure from this kind of attack,
see http://www.informationweek.com/840/langa.htm

________________________________________________________________
GET INTERNET ACCESS FROM JUNO!
Juno offers FREE or PREMIUM Internet access for less!
Join Juno today!  For your FREE software, visit:
http://dl.www.juno.com/get/web/.


To unsubscribe, send a message to ecartis@xxxxxxxxxxxxx with
"unsubscribe juno_accmail" in the body or subject.
OR visit //freelists.org
~*~

Other related posts:

  • » [JA] Bugbear
  1. Home
  2. juno_accmail
  3. Archive
  4. 10-2002