Virus type: File Infector
Destructive: No
Aliases: W32/Kijmo.A-mm, W32.Shamur
Pattern file needed: 557
Scan engine needed: 5.200
Reported infections: Low
Damage Potential: High
Distribution Potential: High
Description:
Trend Micro is warning computer users of PE_BUGBEAR.B due to its rapid propagation. Trend Micro customers are protected by pattern file 557, which has been available since 8.38am (GMT+2) this morning
PE_BUGBEAR.B is a file-infecting variant of WORM_BUGBEAR.A. This variant includes all the functionalities of the previous variant with the addition of the file infection routine.
The worm uses SMTP engine to send email to addresses it gathers from the infected machine. It sends an email using this format:
Subject: <any of these>
Get 8 FREE issues - no risk!
Hi!
Your News Alert
$150 FREE Bonus!
Re:
Your Gift
New bonus in your cash account
Tools For Your Online Business
Daily Email Reminder
News
free shipping!
its easy
Warning!
SCAM alert!!!
Sponsors needed
new reading
CALL FOR INFORMATION!
25 merchants and rising
Cows
My eBay ads
empty account
Market Update Report
click on this!
fantastic
wow!
bad news
Lost & Found
New Contests
Today Only
Get a FREE gift!
Membership Confirmation
Report
Please Help...
Stats
I need help about script!!!
Interesting...
Introduction
various
Announcement
history screen
Correction of errors
Just a reminder
Payment notices
hmm..
update
Hello!
Message Body: <none>
The attachment could have any of these strings for its file name:
Setup
Card
Docs
news
image
images
pics
resume
photo
video
music
song
data
The extension names used by the attachment could be any of the
following:
EXE
SCR
PIF
NOTE: The attachment name could be taken from files located at folder specified by the worm.
TrendLabs is working to provide a more in-depth analysis of this malware.
Solution:
Identifying the Malware Program
Before proceeding to remove this malware, first identify the malware program.
Scan your system with Trend Micro antivirus and NOTE all files detected as PE_BUGBEAR.B. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
For further details, visit www.trendmicro-europe.com or contact :
Anna Wright
Trend Micro EMEA
+44 (0)1628 400 534
anna_wright@trendmicro.co.uk
Lammers van Toorenburg PR
Annegees van Linge
Tel: +31 (0)30 6565 070
E-mail: annegees@lvtpr.nl