
Backdoor:W32/Bugbear.K


First posted on 28 July 2010.
Source: SecurityHome

Aliases:

There are no other names known for Backdoor:W32/Bugbear.K.

Explanation:

A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network.

Additional Details

Backdoor:W32/Bugbear.K is an e-mail and network worm that also has a backdoor component. This particular variant is very similar to the original Tanatos worm that was found in 2002.

Bugbear is also known as Tanatos.

Propagation

This Tanatos worm variant spreads in e-mail messages with the following characteristics:

Subjects:

- !!! WARNING !!!
- ;)
- [Fwd: look] ;-)
- Announcement
- bad news
- empty account
- fantastic
- Friendly
- Fwd:
- good news!
- Greetings!
- Greets!
- Hello!
- Hi!
- history screen
- hmm.."
- I cannot forget you!
- I love you!
- I need photo!!!
- Interesting...
- Introduction
- Is that your password?
- Just a reminder
- look
- Lost & Found
- Love
- Me nude
- New Contests
- new reading
- News
- Old photos
- Payment notices
- photo
- photos
- Please Help...
- Re:
- Report
- Sex pictures
- sexy
- Stats
- Today Only
- update
- various
- Warning!
- wow!
- You are fat!
- Your Gift

Body text:

- Pease open an attachment to see the message.
- Please see Attachment
- please,read the attach file.
- see attachment
- See the attached file
- See the attached file for more info
- Take a look to the attachment

Attachment names:

- a000032.jpg [lots of spaces] .scr
- girls.jpg [lots of spaces] .scr
- image.jpg [lots of spaces] .scr
- love.jpg [lots of spaces] .scr
- message.txt [lots of spaces] .scr
- music.mp3 [lots of spaces] .scr
- myphoto.jpg [lots of spaces] .scr
- news.doc [lots of spaces] .scr
- photo.jpg [lots of spaces] .scr
- pic.jpg [lots of spaces] .scr
- readme.txt [lots of spaces] .scr
- song.wav [lots of spaces] .scr
- video.avi [lots of spaces] .scr
- you.jpg [lots of spaces] .scr

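The attachment names above all share one pattern: a harmless-looking extension, a long run of spaces, then the real .scr extension pushed out of view. The following is an added example, not part of the original description or any vendor's detection logic, showing how a mail filter could flag that pattern. The function names, the 40-space padding in the sample and the extension set beyond .scr are assumptions, and the check also covers the unpadded double-extension case, which goes beyond what the page lists.

```python
import re

# Assumption: this extension set is illustrative; the page lists only ".scr".
EXECUTABLE_EXTS = {"scr", "pif", "exe", "com", "bat", "cmd"}

# <stem>.<decoy ext><optional whitespace run>.<real ext>
DOUBLE_EXT = re.compile(
    r"^(?P<stem>.+)\.(?P<decoy>[A-Za-z0-9]{1,5})"
    r"(?P<pad>\s*)\.(?P<real>[A-Za-z0-9]{1,5})\s*$"
)

def classify_attachment(filename):
    """Return details of a disguised executable name, or None otherwise."""
    m = DOUBLE_EXT.match(filename)
    if not m or m.group("real").lower() not in EXECUTABLE_EXTS:
        return None
    return {
        "decoy": m.group("decoy").lower(),   # extension the user is meant to see
        "real": m.group("real").lower(),     # extension the OS acts on
        "pad_len": len(m.group("pad")),      # whitespace hiding the real one
    }

def flag_attachments(filenames):
    """Return (name with padding collapsed, details) for each suspicious name."""
    hits = []
    for name in filenames:
        details = classify_attachment(name)
        if details:
            hits.append((re.sub(r"\s+", " ", name), details))
    return hits

# Constructed sample: names modelled on the list above, padding length assumed.
SAMPLE = [
    "photo.jpg" + " " * 40 + ".scr",
    "readme.txt" + " " * 40 + ".scr",
    "news.doc.SCR",        # unpadded double extension, still flagged
    "report.doc",          # single extension, not flagged
    "archive.tar.gz",      # double extension, but not executable
]

if __name__ == "__main__":
    for shown, d in flag_attachments(SAMPLE):
        print(f"SUSPICIOUS {shown!r}: shown as .{d['decoy']}, "
              f"runs as .{d['real']}, padding={d['pad_len']}")
```

A non-zero pad_len is the stronger signal, since legitimate file names rarely place whitespace between two extensions.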
Detection

F-Secure Anti-Virus detects the Bugbear/Tanatos worm with the following update:

[FSAV_Database_Version]
Version=2006-01-24_03

Last update 28 July 2010

 
