Panda Software’s Virus Laboratory has reported a new worm called Bugbear (W32/Bugbear). This is a malicious code designed to send itself out in a file attached to an e-mail message. The name of the attachment and the e-mail subject and message are variable.
Once the attached file is run, Bugbear creates several files with a random name in the affected computer. Some of these files are copies of the worm, like %sysdir%\????.exe or %startup%\???.exe, where each “?” symbol corresponds to a different character.
Bugbear can open port 36794 in the affected computer and stop applications such as antivirus programs and personal firewalls. As a result, the worm opens a backdoor that could allow an attacker to access a remote computer or network.
Finally, the worm inserts an entry in the Windows Registry in order to ensure it is run every time the system is started up.
In order to avoid infection, Panda Software recommends that users update their antivirus solutions immediately. The multinational antivirus developer has already made the corresponding update for its antivirus available to users. This update, which detects and removes Bugbear, can be downloaded from http://www.pandasoftware.com/. More technical details about Bugbear in Panda Software's Virus Encyclopedia.
About Panda Software's virus laboratory
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For further information:
Yolanda Ruiz
yruiz@pandasoftware.es
Tel. +34 91 806 37 00