Dangerous Bugbear.B worm


Post by Gregor » Fri 06 Jun, 2003 1:58 am

Very important reading - quote from Panda's Oxygen report:

- Panda Software helps you combat Bugbear.B
free of charge with PQREMOVE -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, June 5 2003 - Due to the current high risk of becoming infected by
the new worm Bugbear.B, Panda Software has made the PQREMOVE application
available to all users, free of charge. This tool is designed to clean and
restore any computer that could have been infected by this worm and can be
downloaded from the address
http://updates.pandasoftware.com/pq/gen ... remove.com.

The multinational antivirus manufacturer has already released the updates
which ensure their antivirus solutions detect and eliminate Bugbear.B.
Therefore, if your software is not configured to update automatically, you
can do so from the company's website at http://www.pandasoftware.com.

Users whose computers have been affected by Bugbear.B can also clean their
computers free of charge using the free, online antivirus, Panda ActiveScan,
which is available on the company's website at http://www.pandasoftware.com.

This new worm is causing thousands of incidents around the world. In just a
few hours, Bugbear.B has climbed up to the first position in the ranking of
the top ten viruses most frequently detected by Panda ActiveScan. Similarly,
the multinational antivirus manufacturer's technical support services have
registered five times more inquiries than usual.

Bugbear.B is a polymorphic worm that spreads massively via e-mail in a
message with a variable subject and attachment. This is an extremely
dangerous malicious code, as it can infect a large number of files and
render many antivirus and security programs unusable.

Bugbear.B also exploits a known vulnerability in the browser Internet
Explorer, which is detected by Panda Software as Exploit/iFrame. By doing
this, it will be automatically run when the message carrying the worm is viewed
through the Outlook Preview Pane.

This worm also opens communications port 1080, which allows hackers to gain
remote access to the affected computer. Furthermore, Bugbear.B captures the
keystrokes entered in the affected computer and saves them in a file. By
doing this, hackers that accessed this file would be able to obtain
confidential data such as passwords for accessing certain Internet services,
bank accounts, etc.

Finally, printers connected to a local corporate network affected by
Bugbear.B could start printing junk characters. This is due to a bug in the
worm's code when spreading across this type of network.

Additional technical information on Bugbear.B is available from Panda
Software's Virus Encyclopedia, at:
http://www.pandasoftware.com/virus_info/encyclopedia/.

Gregor

Post by Antony » Fri 06 Jun, 2003 3:06 am

W32.Bugbear.B@mm (Symantec)
The worm uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message.

Post by Fulvio » Sat 07 Jun, 2003 1:17 pm

And, for those who are cheap, use this from AVG:
http://www.grisoft.com/html/us_faq.php? ... 7cfac9c6f8

BitDefender

Post by shadow_dancer » Wed 11 Jun, 2003 1:35 am

First of all, I would like to say "Helloo".
I am a newcomer here.

And now about the BugBear: I always trust my AV to BitDefender (especially when I must face W32 @mm). It works well. I found the articles about the BugBear at http://www.bitdefender.com/bd/site/viru ... 1&v_id=133

Name: Win32.BugBear.B@mm
Aliases: W32/Bugbear@MM, W32.Bugbear.B@mm
Type: Executable Backdoor Mass Mailer Infector
Size: 72192 bytes
Discovered: 05.06.2003
Detected: 05.06.2003
Spreading: High
Damage: Medium
In The Wild: Yes

Symptoms:
Not available yet

Technical description:
This is an Internet worm that spreads through e-mail and network shares. It uses the IFRAME vulnerability for launching itself without the user interaction.

It usually arrives in the following format:

Subject: Randomly chosen from the following list:

Greets!
Get 8 FREE issues - no risk!
Hi!
Your News Alert
$150 FREE Bonus!
Re:
Your Gift
New bonus in your cash account
Tools For Your Online Business
Daily Email Reminder
News
free shipping!
its easy
Warning!
SCAM alert!!!
Sponsors needed
new reading
CALL FOR INFORMATION!
25 merchants and rising
Cows
My eBay ads
empty account
Market Update Report
click on this!
fantastic
wow!
bad news
Lost & Found
New Contests
Today Only
Get a FREE gift!
Membership Confirmation
Report
Please Help...
Stats
I need help about script!!!
Interesting...
Introduction
various
Announcement
history screen
Correction of errors
Just a reminder
Payment notices
hmm..
update
Hello!

Or any other subject it finds in mail databases.

Attachment: Randomly chosen from the following list:

Setup, Card, Docs, news, image, images, pics, resume, photo, video, music, song, data

with a double extension made from the following: exe, scr, pif.


You could also download the AV at that site freely. But there is a weakness in BitDefender AV: it cannot automatically detect the virus inside our hard drive. We must find out about it with another AV (McAfee, Norton, Sophos, etc.); if they can't clean it, I believe BitDefender can clean or delete the infected files and also the viruses.

Hope it helps mate ...

-Shad
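
The attachment traits described in this thread (a double extension ending in exe, scr or pif, and a MIME header that misstates the content type) can be checked at a mail gateway. The following is an added example, not part of any post above or of any vendor's tool; the function name, the inline-type list and the sample message (including its `audio/x-wav` type) are constructed for illustration.

```python
import email
from email import policy
from pathlib import PurePosixPath

EXEC_EXTS = {".exe", ".scr", ".pif"}  # final extensions listed in the post
# Assumption for this example: types a mail client would render or play inline.
INLINE_TYPES = ("audio/", "image/", "video/", "text/")

def scan_message(raw: bytes) -> list:
    """Return one finding per attachment whose name ends in an executable extension."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # containers and body parts carry no filename
        suffixes = [s.lower() for s in PurePosixPath(name.strip()).suffixes]
        if not suffixes or suffixes[-1] not in EXEC_EXTS:
            continue
        ctype = part.get_content_type()
        reasons = ["executable-attachment"]
        if len(suffixes) >= 2:
            reasons.append("double-extension")    # e.g. resume.doc.pif
        if ctype.startswith(INLINE_TYPES):
            reasons.append("mime-type-mismatch")  # header claims harmless media
        findings.append({"filename": name, "content_type": ctype, "reasons": reasons})
    return findings

# Constructed sample message: one suspicious attachment, one benign attachment.
SAMPLE = b"""\
From: sender@example.com
Subject: Your News Alert
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: audio/x-wav; name="resume.doc.pif"
Content-Disposition: attachment; filename="resume.doc.pif"

AAAA
--b1
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"

AAAA
--b1--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The subject line is deliberately not used as a signal, since the post notes the worm may also use any subject it finds in mail databases.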