Just recieved the following email from my anti virus vendor:
EMERGENCY ALERT: W32/Bugbear-A spreading rapidly
Sophos has received several reports in a short space of time of users
receiving an email-aware worm called W32/Bugbear-A.
W32/Bugbear-A is an internet worm which spreads via SMTP and also attempts to spread via network shares. The worm copies itself to the Windows system folder as a file with a random four-letter name and an EXE extension and adds to the following registry entry to run this file on the next reboot:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
W32/Bugbear-A also drops a copy of itself in the Windows start up folder so that is run on system restart.
The worm drops a randomly-named DLL file, which is related to logging keystrokes, in the Windows system folder. It can also terminate certain firewall and antivirus programs.
A more detailed analysis of W32/Bugbear-A will be published here shortly. Please check again later.
- wil
EMERGENCY ALERT: W32/Bugbear-A spreading rapidly
Sophos has received several reports in a short space of time of users
receiving an email-aware worm called W32/Bugbear-A.
W32/Bugbear-A is an internet worm which spreads via SMTP and also attempts to spread via network shares. The worm copies itself to the Windows system folder as a file with a random four-letter name and an EXE extension and adds to the following registry entry to run this file on the next reboot:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
W32/Bugbear-A also drops a copy of itself in the Windows start up folder so that is run on system restart.
The worm drops a randomly-named DLL file, which is related to logging keystrokes, in the Windows system folder. It can also terminate certain firewall and antivirus programs.
A more detailed analysis of W32/Bugbear-A will be published here shortly. Please check again later.
- wil
