W32/Bugbear.A@mm

Download VIRUSfighter NOW
W32/Bugbear.A@mm Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 9/30/2002 • Type: Worm
• Virus characteristics first published: 9/30/2002 • Spreading mechanism: Email, Network
• Virus characteristics latest update: 3/18/2004 • Overall risk: Low
• Alias: W32/Tanat • Payload: Adds a backdoor to the infected system, anti-antivirus capabilities
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal
Email characteristics:
  • Subject: Variable
  • Body: Variable
  • Attachment: Variable
When run, the worm will install itself in the Windows system directory under a random name, and add a registry key to point to itself:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce [filename]

It will also install a randomly named backdoor component to the Windows System directory.

The worm now attempts to spread via mail and network resources. It send itself to email addresses it finds from various sources on the infected system.

The worm has a number of names and text strings that it may use to compose mails; in addition, it may reply to mails in the users inbox and reuse text from there.

When spreading over network shares, it looks for startup directories on remote machines, and copies itself there.
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter