[JA] More Bugbear information from ZDNet

  • From: George H Lunt <glunt@xxxxxxxx>
  • To: juno_accmail@xxxxxxxxxxxxx
  • Date: Thu, 3 Oct 2002 21:53:46 -0700

Hi All,

Bugbear may be more evil than previously indicated on this List.

++ From
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2881969,00.html ++
Bugbear worm tries to steal credit cards and passwords
By Robert Vamosi / ZDNet Reviews / September 30, 2002 

Bugbear is an Internet worm with a Trojan horse ... attempts to steal
your passwords and credit card information. Bugbear ... is about 50KB
long and is compressed ... Users of Internet Explorer 5.01 or 5.5 who
have not patched the Incorrect Mime header flaw are vulnerable to the
worm's e-mail attack. [Hard to believe any members of this List would be
running "unpatched", huh PC Cat... yet we know there are...] <snip>

How it works
Bugbear arrives via e-mail with no distinct characteristics except for an
attached file that is always 50,688 bytes long. The subject line and text
may be taken from existing e-mail. Bugbear also arrives through network
file sharing.
  
When RUN, Bugbear adds itself to the System subdirectory ... as four
random letters followed by .exe (for example, windows\System\zayb.exe)...
changes the Registry in order to run each time Windows is loaded, once
again using random letters... adds itself to the Startup folder as three
random letters followed by .exe (for example, Startup\zay.exe). 
 
The Trojan horse ... first terminates ... firewall and antivirus
programs. The Trojan then launches a keystroke-logging program ... random
letters followed by .dll (for example, avbxcydz.dll). Keystroke-logging
programs memorize the keystrokes ... login information (passwords) or ...
forms online (credit card information). Files ... can later be accessed
remotely by malicious users. <snip>
 
Prevention
Users of Internet Explorer 6 should be safe from the e-mail portion of
this worm. Users of IE 5.01 and 5.5 who have not installed the Infected
Mime header patch found in MS01-020 should do so. If you do not need to
share files on a network, you should also turn off file sharing within
Windows. 

Removal
Most major antivirus software companies have updated their signature
files to include this worm. This will stop the infection upon contact and
in some cases will remove an active infection from your system. For more
information, see Central Command, Command Antivirus, F-Secure, Kaspersky,
McAfee, Norman, Sophos, Symantec, and Trend Micro.
++++++++ End ZDNet review +++++++++  

George Lunt ..... so. cal.
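The review above gives two kinds of indicator a defender can act on: on the mail side, an attachment that is always exactly 50,688 bytes; on the host side, the random-letter file names it installs (three letters plus .exe in Startup, four letters plus .exe in System, eight letters plus .dll for the keylogger). The script below is an added example, not code from the ZDNet review or from this list, that turns both into a triage check. The mailbox and directory listings are constructed sample data; the check for an executable file name carried under an audio/image/text content type is an assumption of mine (the review only says unpatched IE 5.01/5.5 is exposed to the MIME header flaw), and the name-pattern matches are a triage list, not a verdict, since legitimate short names exist.

```python
"""Triage for the Bugbear indicators quoted in the ZDNet review.

Added example; the sample messages and file listings are constructed.
"""
import email
import re
from email import policy
from email.message import EmailMessage

BUGBEAR_ATTACHMENT_SIZE = 50_688                    # stated in the review
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif")    # assumption: common worm carriers

# Random-letter naming patterns the review describes (case-insensitive).
STARTUP_PATTERN = re.compile(r"^[a-z]{3}\.exe$", re.I)      # e.g. zay.exe
SYSTEM_EXE_PATTERN = re.compile(r"^[a-z]{4}\.exe$", re.I)   # e.g. zayb.exe
SYSTEM_DLL_PATTERN = re.compile(r"^[a-z]{8}\.dll$", re.I)   # e.g. avbxcydz.dll


def build_sample_message(subject, attachment_name, attachment_bytes, content_type):
    """Construct a one-attachment MIME message (test data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = subject
    msg.set_content("See attached.")
    maintype, subtype = content_type.split("/", 1)
    msg.add_attachment(attachment_bytes, maintype=maintype, subtype=subtype,
                       filename=attachment_name)
    return msg.as_bytes()


def triage_message(raw_bytes):
    """Return (filename, reason) findings for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if len(data) == BUGBEAR_ATTACHMENT_SIZE:
            findings.append((name, "attachment is exactly 50,688 bytes (Bugbear size)"))
        # Assumption: an executable file name declared as audio/image/text is
        # worth a look on its own, independent of size.
        if (name.lower().endswith(EXECUTABLE_EXTENSIONS)
                and part.get_content_maintype() in ("audio", "image", "text")):
            findings.append((name, f"executable name under {part.get_content_type()}"))
    return findings


def triage_mailbox(messages):
    """Run triage over raw messages; return {index: findings} for messages with hits."""
    results = {}
    for index, raw in enumerate(messages):
        hits = triage_message(raw)
        if hits:
            results[index] = hits
    return results


def suspicious_host_artifacts(startup_names, system_names):
    """Flag file names matching the random-letter patterns from the review."""
    hits = [("Startup", n) for n in startup_names if STARTUP_PATTERN.match(n)]
    hits += [("System", n) for n in system_names
             if SYSTEM_EXE_PATTERN.match(n) or SYSTEM_DLL_PATTERN.match(n)]
    return hits


# Constructed sample data.
SAMPLE_MAILBOX = [
    build_sample_message("Re: your report", "report.doc", b"\x00" * 1200,
                         "application/msword"),
    build_sample_message("Re: meeting", "setup.exe",
                         b"\x00" * BUGBEAR_ATTACHMENT_SIZE, "application/octet-stream"),
    build_sample_message("music", "song.scr", b"\x00" * 4096, "audio/x-wav"),
]
SAMPLE_STARTUP = ["zay.exe", "Office Startup.lnk"]
SAMPLE_SYSTEM = ["zayb.exe", "kernel32.dll", "avbxcydz.dll", "ntdll.dll"]

if __name__ == "__main__":
    for idx, hits in triage_mailbox(SAMPLE_MAILBOX).items():
        for name, reason in hits:
            print(f"message {idx}: {name}: {reason}")
    for location, name in suspicious_host_artifacts(SAMPLE_STARTUP, SAMPLE_SYSTEM):
        print(f"{location}: {name} matches a Bugbear naming pattern")
```

On a real system the directory listings would come from the Startup and System folders themselves, and any name flagged should be confirmed with an up-to-date antivirus signature before removal, as the review's Removal section advises.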
