SECURITY INFO
Latest Threats
Spyware
Spam
Phishing
Hoaxes
PandaLabs
Virus map
Panda Virusometer
TRAINING
General concepts
Technical details
Virus FAQs
Practical tips
DOWNLOADS
Repair utilities
Does my antivirus work?
ActiveScan Pro
Free Antivirus
HOME
What is VirusPortal?
Newsletters
HOME SECURITY INFO TRAINING DOWNLOADS WEBMASTERS
Security Info / Virus encyclopedia / At a glance
Find:    in:  
 

 Bugbear.B
Threat Level:  Moderate
Distribution:  Low
Damage: Severe
The Threat Level varies according to the Distribution and Damage levels
 
 Common name: Bugbear.B
 Technical name: W32/Bugbear.B
 Threat Level: Low
 Alias: W32/Bugbear.b@mm, Bugbear.B, PE_BUGBEAR.B, W32.Kijmo, W32.Shamur, Win32.Bugbear.B
 Type: Virus
 Effects:  It infects a large number of files on affected computers, it ends processes belonging to security programs, opens the port 1080, captures keystrokes and allows a hacker to gain remote access to the resources of the computer.
 Systems affected: Windows XP/2000/NT/ME/98/95
 First detected on: June 5, 2003
 Detection updated on: June 7, 2006
 In circulation? No
  
Panda QuickRemover
  Brief Description
 

Bugbear.B is dangerous worm that spreads via e-mail and across shared network drives.

It is very easy to become infected by this worm, as it is automatically activated when the message is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer (versions 5.01 and 5.5), which allows e-mail attachments to be automatically run. This vulnerability exploit is known as Exploit/iFrame. However, Bugbear.B does not always exploit this vulnerability in order to affect the computer.

Bugbear.B carries out the following actions in affected computers:

  • It sends out a file containing a copy of the cached passwords of the dial-up connection to networks to a certain list of e-mail addresses. It does this if the default e-mail address of the victim computer, which it obtains from the Windows Registry, belongs to one of the domains in its list. This list mainly includes domains belonging to financial entities. The addresses it sends the cached passwords to are the following:
    ifrbr@canada.com, sdorad@juno.com, fbnfgh@email.ro, eruir@hotpop.com, ersdes@truthmail.com, eofb2@blazemail.com, ioter5@yook.de, iuery@myrealbox.com, jkfhw@wildemail.com and ds2iahf@kukamail.com.
  • It infects a large number of files.
  • It disables security programs.
  • It opens port 1080, which allows hackers to gain remote access to the affected computer.
  • It logs the keystrokes in a file. By doing this, hackers that accessed this file would be able to obtain confidential data such as passwords for accessing certain Internet services, bank accounts, etc. The logged information is sent when the data saved exceeds 25,000 bytes or every two hours.

Bugbear.B is a polymorphic worm, which makes it difficult for antivirus programs to detect.

[ top ]  

  Visible Symptoms
 

Bugbear.B is difficult to recognize, as it does not display any warnings or messages that indicate that it has infected a computer.

When spreading across shared network drives, Bugbear.B does not check if the directories it is copying itself to are shared printers. Therefore, if it copies itself to one of these directories, the printer will start printing junk characters.



[ top ]  
Last updated:  June 7, 2006 

 

  © Panda 2009 | Free Antivirus | Make this your home page | Bookmark this page | Send page | Contact us | Legal notice | Privacy Policy