From: A.M.Asua (asen@simtec2000.es)
Date: Wed Oct 09 2002 - 08:38:01 EEST

The highly destructive WORM_BUGBEAR.A virus propagates via email. The "from" field, subject line, message body, and attachment all vary widely and may appear to be legitimate email.

Once it has infected a computer, the worm opens a port on the target system, allowing a remote user to connect to the system and potentially compromise network security. BugBear also uses API (Application Program Interface) functions, commonly used by keylogger Trojans that allow remote users to obtain passwords and other sensitive information.

The virus will also attempt to disable various security products, including anti-virus and personal firewall software.

It exploits a known vulnerability on systems with unpatched Internet Explorer 5.01 and 5.5, which automatically runs the executable file attachment when the email message is previewed or opened in Microsoft Outlook and Outlook Express.

WORM_BUGBEAR.A is detected by pattern file #357 or above.

For more information about the rp-ml, see http://rapid.lpt.fi/rp-ml/

This archive was generated by hypermail 2.1.4 : Tue Jan 21 2003 - 20:14:25 EET