W32.Bugbear is back!



Billy T
06-06-2003, 08:40 PM
From: "Partner APAC" <PartnerAPAC@symantec.com>
To: <partnerapac@symantec.com>
Sent: Friday, June 06, 2003 5:40 PM
Subject: Symantec Partner Virus Alert


Please be advised that Symantec Security Response has rated
W32.Bugbear.B@mm a level 4 worm, on a scale of 1-5, with five being the
most serious. As a consequence, you may receive an increase in customer
enquiries about this latest threat.

W32.Bugbear.B@mm is a variant of W32.Bugbear@mm originally discovered and named in the Sydney Symantec Security Response Centre in October 2002 and appears to be spreading quickly.

W32.Bugbear.B@mm is a mass-mailing, polymorphic worm that also spreads through network shares. This worm infects a select list of executable files, has keystroke-logging and backdoor capabilities and will attempt to terminate the processes of various antivirus and firewall programs.

For further information on this worm, please visit
http://www.symantec.com.au/avcenter/

Symantec Security Response strongly encourages users to download the
latest virus definitions via LiveUpdate or from the Symantec Security Website - http://securityresponse.symantec.com/avcenter/defs.download.html.

Please be assured that Norton AntiVirus 2003 with current definitions will
protect against W32.Bugbear.B@mm.

Chilling_Silently
07-06-2003, 05:37 PM
Oh not again...
I remember coming in to IDG in the afternoon when it got hit, they'd been interviewed and all...

I don't like that virus.. I wonder why :p

-=JM=-
07-06-2003, 06:24 PM
Bugbear wasn't all that bad. I'm pretty sure that's one of the ones we got hit with at the college last year. Just used the Symantec remover and it all came away fine.

agent
07-06-2003, 06:30 PM
Never got it, wasn't affected by it, don't care about it. :D

rugila
07-06-2003, 06:44 PM
It does seem to be making the rounds.

Check out http://www.sharetrader.co.nz/topic.asp?TOPIC_ID=18409
for another thread where some contributors also discuss seemingly the same problem.

I personally have received two versions (attachment 'DSC000##.jpg.pif') at two different email addresses over the past several days which seem to be the same, or at least variants.

No harm done to me, but (updated) AVG didn't pick up the virus (or worm) in the email attachment until I had downloaded it to a floppy and then checked the floppy.
Aren't these AV programs supposed to pick them up directly from the email, without the need to download first?

cyberchuck
08-06-2003, 09:41 AM
> Bugbear wasn't all that bad. I'm pretty sure that's one of the ones we
> got hit with at the college last year. Just used the Symantec remover
> and it all came away fine.

Our school got hit by it last year.. Took the network admins a good month to get rid of it, as it infected staff laptops, the different servers, etc.. So once it was gone from the network, some staff member would plug their laptop back in and it was back...
I think that the network admins just waited until the school holidays, then took all the laptops in and cleared them one by one.
This partially explains why student workstations download an image of their HDD off the server and make sure that everything is the same - if there's a new folder on the HDD, then it gets deleted... Helps make sure that viruses don't get onto Student Workstations...


CyberChuck

Jen C
08-06-2003, 10:05 AM
> No harm done to me, but (updated) AVG didn't pick up
> the virus (or worm) in the email attachment until I
> had downloaded it to a floppy and then checked the
> floppy.
> Aren't these AV programs supposed to pick them up
> directly from the email, without the need to download
> first?

It has been mentioned before that AVG will only detect the virus if it starts to run (from opening an email) or if you save the attachment and then manually scan it. Either way, it will detect it before it escapes if you have the antivirus definition for it.

With NAV, it will actually detect the virus/worm as the email is being downloaded into your inbox.

Billy T
08-06-2003, 12:55 PM
Umm........

Please note that this is a new variant that requires a new AV definition. You may be protected against the earlier version but if your defs are not up to date then this version may still catch you.

Cheers

Billy 8-{) :|

Complacency fuels many disasters

Robin S_
10-06-2003, 11:41 PM
The latest AVG update released 5/6/03 (alert posted by Kiwitas 6/6/03) is said to deal with it.