Oct 13th, 2008, 9:16pm
   Mischel Internet Security Forum
   Malware
   Trojans
(Moderators: Helena, Gavin_Coe, Magnus)
   Bugbear.B
   Author  Topic: Bugbear.B  (Read 411 times)
Ian
Bugbear.B
« on: Jun 5th, 2003, 9:18pm »

Just when you thought it was all quiet on the NetBIOS front...
 
Bugbear.B is designed to spread rapidly via e-mail, using its own SMTP engine, and to infect a large number of system files. The e-mail message carrying the worm has a variable subject and attachment. Some of the possible characteristics are:
 
Subject:  
Hi!
Your News Alert
$150 FREE Bonus!
Re:
Your Gift
New bonus in your cash account
 
Attachments:
data    
song
music    
video
photo
 
Finally, the message body appears blank.
 
Bugbear.B also exploits a known vulnerability in the browser Internet Explorer. By doing this, it will be automatically run when the message carrying the worm is viewed through the Outlook Preview Pane.
 
However, the biggest danger of this worm lies in its capacity to disable a large number of antivirus and security programs. In order to do this, it not only ends the processes belonging to these programs, but also deletes files that are essential to their correct functioning.  
 
Bugbear.B is a polymorphic worm, which makes it difficult for antivirus programs to detect.

 
Stand by for a flood on TCP137, just like last time...

... but crap arrives pretty much straight away.
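
An added example, not part of the original post: a mail-triage check that parses a raw message and reports which of the characteristics listed in the post it matches (subject, attachment base name, blank body). The function names, the constructed sample message and its `.jpg.scr` extension are assumptions made for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators copied from the post; it calls them "some of the possible
# characteristics", so a message matching none of them is not cleared.
SUBJECTS = {"hi!", "your news alert", "$150 free bonus!", "re:",
            "your gift", "new bonus in your cash account"}
ATTACH_STEMS = {"data", "song", "music", "video", "photo"}

def attachment_stem(filename):
    """Name before the first dot, lower-cased: 'photo.jpg.scr' -> 'photo'."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return base.split(".", 1)[0].lower()

def triage(raw_bytes):
    """Return which of the post's indicators a raw message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if attachment_stem(name) in ATTACH_STEMS:
            hits.append("attachment:" + name)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    # Crude tag strip so an HTML part with no visible text counts as blank.
    if not re.sub(r"<[^>]*>", "", text).strip():
        hits.append("blank-body")
    return hits

def build_sample():
    """Constructed test message; the .jpg.scr extension is an assumption."""
    m = EmailMessage()
    m["From"], m["To"] = "a@example.com", "b@example.com"
    m["Subject"] = "Your Gift"
    m.set_content("\n")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="photo.jpg.scr")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Because the post describes the subject and attachment as variable and the worm as polymorphic, hits from this check are a reason to quarantine and inspect, not a verdict either way.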
ReGen
Re: Bugbear.B
« Reply #1 on: Jun 5th, 2003, 10:19pm »

Thanks for the info Ian. Sure glad I stopped using MS e-mail programs! :)

--
ReGen
Ian
Re: Bugbear.B
« Reply #2 on: Jun 5th, 2003, 10:58pm »

Yeah, which must be the most common way it spreads. However, this version is fully equipped with its own system and can run without any email app if required. I think the 'iFrames' thing (i.e. the preview pane in Outlook and OE) is the simplest way of getting it to install onto a PC since many users still don't turn this 'feature' off. Me: I haven't had preview active for years, and always check the properties of suspicious emails (including the source), especially if they're carrying attachments.

... but crap arrives pretty much straight away.
maxqnz
Re: Bugbear.B
« Reply #3 on: Jun 6th, 2003, 2:41am »

I'm having to work in both Windows and Linux at present, so when a new virus flood is coming, I will just retreat to checking my email in Linux - problem solved. :D

O Sustainer, without you we have no one
What's a pieriansipist?
Ian
Re: Bugbear.B
« Reply #4 on: Jun 7th, 2003, 12:53pm »

Quite so. However, this time you'll notice more than just port 135-137 hits (even in Linux!). Here's some more info about this new variant:-
 
As well as the actions described above, this worm opens the communications ports 1080 and 36794 in order to allow a hacker to gain remote access to the resources on the affected computer. Furthermore, Bugbear.B logs the keystrokes entered by the user of the affected computer and saves them in a file. By doing this, a hacker that gained access to this file would be able to obtain confidential information such as passwords, bank account and credit card numbers, etc.
 
Port 1080 is allocated to the 'socks' process (presumably because it's using its own SMTP engine) and could cause unnecessary fuss for unsuspecting users when spotted...
« Last Edit: Jun 7th, 2003, 12:53pm by Ian »

... but crap arrives pretty much straight away.
Jamming
Re: Bugbear.B
« Reply #5 on: Jun 7th, 2003, 1:33pm »

I use Outlook Express and only had trouble several years ago with it during one of the first exploits against it.  I have the preview pane disabled, plus Windows Scripting Host, and a number of other things that keep it in its place.  ZAPro blocks attachments and renames them to a controlled, plus I used to be able to keep my OE to receive text only, which was done away with back in the 5 series.  Also keep that stupid automatic download of language support turned off.  Bugbear.b is covered by my NAV and the fact that all changes to my registry have to be confirmed by me.

Team Z Member

To protect the citizens is the greater virtue in the father of his country.
- Lucius Annaeus Seneca
I was born an American; I live an American; I shall die an American!
- Daniel Webster