Break the Chain Bugbear Bug-A-Boo

Created 10/3/2002 (10/3/2002)

Mixed in with all the fake virus warnings circulating via e-mail, real warnings are often little better than their fictitious counterparts because they provide little to no useful information.


Subject: URGENT, Virus Warning

* * * Message to all RSC/ISP Users * * *

Virus Alert

As of September 30th, 2002, a new virus was reported and rated as HIGH RISK VIRUS. The virus called W32.Bugbear@mm is spreading rapidly on the Internet.

W32.Bugbear@mm is a mass-mailing worm. It can also spread through network shares on the Intranet. It has backdoor capabilities. The worm will also attempt to terminate the processes of various AntiVirus (e.g. Symantec's Norton AntiVirus) and personal firewall programs.

The virus distributes itself with its own SMTP client through e-Mail. Attachments and Subject Line differ and no pattern can be identified, besides the size of the attachments (50.688 Byte in size). It takes advantage of an old Microsoft vulnerability.

All messages that contain those malicious attachments should be immediately deleted as it is an extremely dangerous virus addressing selected Microsoft vulnerabilities.

When the worm arrives by email, it uses both an IFRAME exploit and a MIME exploit, which allow the virus to be executed when you read or even preview the file. Therefore, all mail containing attachments where the sender is not trusted should be deleted.

Contact the ISP Help Desk if you have any questions.


W32.Bugbear@mm, also known as "Tanatos," is a real mass-mailing worm, unleashed on the world in late September, 2002. It started out as a "medium-risk" virus, but most antivirus authorities have upgraded it to "high-risk" because it is spreading faster than expected. The information in the letter above (and others like it) is valid, but only half the story. It gives only an outline of the worm's characteristics, tentative advice for protecting your system from infection and absolutely no insight about how to clean it if you do get infected.
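The two concrete traits the letter does name, a fixed attachment size of 50,688 bytes and an HTML body carrying an IFRAME, can be checked mechanically at a mail gateway. The sketch below is an added example, not part of the original article or any vendor's signature; the function names, the verdict policy and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

BUGBEAR_SIZE = 50688  # bytes; the letter writes it as "50.688 Byte"

def triage(raw_bytes):
    """Map each trait named in the warning to a detail string, if present."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    traits = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        name = part.get_filename()
        if name is not None or part.get_content_disposition() == "attachment":
            # Names and subjects vary, so decoded size is the only fixed trait.
            if len(payload) == BUGBEAR_SIZE:
                traits["attachment_size"] = f"{name!r} is {BUGBEAR_SIZE} bytes"
        elif part.get_content_type() == "text/html" and b"<iframe" in payload.lower():
            traits["iframe"] = "HTML body contains an IFRAME"
    return traits

def verdict(traits):
    """Hypothetical policy: both traits quarantine, one gets a human look."""
    return ("pass", "review", "quarantine")[len(traits)]

def build_sample(attachment_size, html):
    """Constructed message; inert zero bytes stand in for an attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m["From"] = "sender@example.com"
    m["To"] = "reader@example.com"
    m.set_content("plain-text part")
    m.add_alternative(html, subtype="html")
    m.add_attachment(b"\x00" * attachment_size, maintype="application",
                     subtype="octet-stream", filename="sample.bin")
    return m.as_bytes()

IFRAME_HTML = '<html><body><iframe src="cid:constructed"></iframe></body></html>'
PLAIN_HTML = "<html><body><p>hello</p></body></html>"

if __name__ == "__main__":
    for label, raw in (("both traits", build_sample(BUGBEAR_SIZE, IFRAME_HTML)),
                       ("size only", build_sample(BUGBEAR_SIZE, PLAIN_HTML)),
                       ("neither", build_sample(1024, PLAIN_HTML))):
        found = triage(raw)
        print(label, "->", verdict(found), found)
```

Either trait can also turn up in harmless mail, which is why the sketch escalates to quarantine only when both are present; it complements current antivirus definitions and does not replace them.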

While Bugbear can disable out-of-date virus software, updated software is very effective at guarding against it. The leading antivirus companies (listed as references below) are already on top of this one, with virus definitions and fixes available.

Relying on forwarded e-mail messages as your only protection against virus infection is foolish. They are often unreliable, untimely, incomplete and/or incorrect. Three simple rules of good computing will give you ten times the protection:

  1. Install antivirus software and keep it up-to-date. It's readily available, easy-to-install, relatively inexpensive ($10 - 50) and well worth the investment for the peace of mind it provides. There is absolutely no excuse in this day and age to continue accessing the Internet without it.

  2. Frequently make sure your Internet software is up-to-date, especially if you use Microsoft Internet Explorer, Outlook or Outlook Express.

  3. Never open a file attachment you weren't expecting, regardless of whom it came from.

"Protecting Your PC" in the Chain-Breaker's Library tells you how to do these things and offers other ways to prevent unwanted access to your hard drive and data. Protect yourself and never forward another virus warning. Break this Chain!


Category: Virus Warning
References: Trend Micro, Computer Associates, F-Secure, McAfee VirusScan, Symantec (Norton Antivirus)
