Inter Engineering and F-Secure,
leaders in the fight against computer viruses, warn computer users
about a new worm named Bugbear B (a variant of Bugbear A, also known
as Tanatos). Bugbear A was the most widespread virus of 2002.
The worm first appeared on the 5th of June.
The most alarming capability of this worm is that it includes a large
list of domains belonging mostly to banks. The worm checks whether an infected
computer is in one of these domains and, if so, makes changes to the system
that affect its security: it enables the autodial
feature and installs a backdoor.
The list contains banks from all over the world. The exact
reason for the changes to infected banking systems is not yet known.
Bugbear.B is a very complex polymorphic virus that spreads through
both email and network shares. The worm sends e-mails with various
contents and uses the known Iframe vulnerability to execute the attachment
automatically when the e-mail is opened.
This virus is tricky and combines many different techniques: UPX compression, encryption with random keys, backdoors, key-logging, retro-functionality, aggressive mass-mailing and network worm capabilities. The network worm capabilities may be dangerous to large organisations, causing very fast outbreaks if the virus manages to get inside the firewall.
The worm's file is a Windows PE executable compressed with the UPX file compressor and encrypted, which makes the worm polymorphic.
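An added example (not code from F-Secure or Inter Engineering): a mail-gateway heuristic that flags attachments which are PE files carrying UPX section names, the packing described above. The function names and the header-only sample are constructed for illustration; UPX packing alone does not identify Bugbear.B, and a modified packer stub can rename the sections.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

def pe_section_names(data):
    """Return the section names of a PE image, or [] if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]   # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size                      # section table start
    names = []
    for i in range(n_sections):
        off = table + 40 * i                              # 40-byte section header
        if off + 40 > len(data):
            break                                         # truncated table
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def upx_attachments(raw_message):
    """Return filenames of MIME parts that decode to a UPX-packed PE file."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if any(name.startswith("UPX") for name in pe_section_names(payload)):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def constructed_sample(section_names, filename):
    """Constructed test message: headers-only PE stub (not executable) as attachment."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode().ljust(40, b"\0") for n in section_names)
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("body")
    m.add_attachment(dos + coff + sections, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(upx_attachments(constructed_sample(["UPX0", "UPX1", ".rsrc"], "sample.bin")))
```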
The worm spreads in e-mail messages using its own SMTP engine. It finds email addresses in files of the infected systems. The subject and body of the message are random or copied parts of files on the infected system.
Because the worm fakes the sender's address, the apparent sender is most probably not infected at all.
Bugbear attempts to disable various anti-virus applications. It also installs a backdoor that enables hackers to access infected systems.
Users are advised to keep their anti-virus software enabled and updated. F-Secure Anti-Virus detects the Bugbear B worm with the updates published on June 5th, 2003 09:55.
About Inter Engineering
Inter Engineering is one of the few companies specialized in Data Security. The company has been active in protection against computer viruses since 1992 and has since extended its activities to strong cryptography, access control, copy protection, biometrics and data recovery. The company cooperates closely with leading providers globally and contributes actively to research and development. It also maintains close relationships with scientific organizations. Inter Engineering is thus able to provide consultancy and solutions for almost any Data Security issue.
To contact us: Inter Engineering
P.O. Box 1626
410 02 Larissa, Greece
Tel. +30.2410.670030
Fax. +30.2410.670006
Email: sales@inter.gr