W32/Bugbear.B@mm
• Detected by virus detection files published: 6/5/2003
• Type: Backdoor, Virus, Worm
• Virus characteristics first published: 6/5/2003
• Spreading mechanism: Network
• Virus characteristics latest update: 3/17/2004
• Overall risk: Medium
• Alias:
• Payload: Drops a key logging program
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista
The worm carries a list of almost 1,400 domain names of banks and financial institutions all over the world. If the worm finds one of these domain names in the infected computer's SMTP settings in the Registry, it adds the following Registry value before it starts its mass-mailing routine:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial = 0

The effect of this seems to be that a dial-up connection to the Internet is opened without displaying any dialogue box. Thus the worm ensures that infected emails are sent even though no permanent network connection is present. Any additional use of this list of domain names is still being analyzed. This description will be updated if/when more information is available.