OpenBCM V1.13 (Linux)

Packet Radio Mailbox

DB0FHN

[JN59NK Nuernberg]

 Login: GUEST





  
M1CUK  > INFO     01.10.02 16:37l 58 Lines 1885 Bytes #999 (0) @ WW
BID : 19459-GB7FCR
Read: DB0FHN GUEST
Subj: virus update/Warning.
Path: DB0FHN<DB0ZWI<DB0CHZ<DB0ERF<DB0FBB<DB0GOS<ON0AR<ON0AR<ON0BEL<GB7FCR
Sent: 021001/1424Z @:GB7FCR.#16.GBR.EU #:19459 [Blackpool] FBB-7.03a $:19459-GB
From: M1CUK@GB7FCR.#16.GBR.EU
To  : INFO@WW

Bugbear virus on the loose

By Iain Thomson [01-10-2002]

New worm disables security software
A worm which disables security software and can steal passwords
and credit card details is spreading rapidly through Windows-based
PCs, according to antivirus companies.

Codenamed Bugbear, the worm was first detected in Malaysia and is
spreading fast.

Network Associates' Anti-Virus Emergency Response Team identified
the worm on 29 September and has upgraded its threat rating from
'low' to 'medium'.

Antivirus company MessageLabs has reported 6,000 infections in the
UK, US and India. The worm copies itself into the Windows system
directory and start-up folder as a .exe file with a random three
letter name.

Once installed it disables antivirus and firewall software and
installs a Trojan keystroke logger as a DLL, detected as
PWS-Hooker.dll.

Whatever the PC user types via the keyboard, such as passwords or
sensitive information, is sent to the originator of the virus via
the TCP port 36794.

The worm also seeks to infect all other PCs on the network via the
address book and network shares.

In addition it takes advantage of a longstanding Microsoft exploit,
MS-01/020, as did Klez. A patch for this has been available since
March 2001.

"It beggars belief that this exploit is still being used," said
Mark Toshack, virus analyst at MessageLabs.

"While this worm is new, the vulnerabilities it exploits are not.
Home users must shoulder much of the blame for not updating their
systems."

The infected emails are headed by a variety of greetings intended
to trick users into allowing them into their own computers.
It is common for the infected attachment name to contain a
double-extension such as doc.pif.

The worm only affects Windows PCs and a patch is available from
antivirus vendors.
--------------------

Regards
	Trev


Read previous mail | Read next mail


 08.07.2026 15:55:25lGo back Go up