· The number of users affected by this new virus is gradually growing, as it is difficult to identify and runs itself automatically.
MADRID, October 2, 2002
A virus that appeared this week, Bugbear, is becoming of increasing concern as it gradually infects more and more computers. In the last few hours, this worm has climbed to second place in the list of most frequently detected viruses by the free online scanner, Panda ActiveScan. Panda Software's technical support services have also received reports of incidents involving this worm from several countries. For this reason, Panda Software has made the PQREMOVE (http://service.pandasoftware.es/library/virusCard.jsp?Virus=W32/Bugbear) application available, free of charge, to all users.
Bugbear reaches computers via e-mail, and the fact that it is so difficult to identify due to the numerous random subject fields, messages and attached files it can use, and its ability to run itself automatically means that users are infected almost immediately on receiving the message. For this reason, the best way to protect against Bugbear is to have a reliable and fully-updated antivirus.
Bugbear takes advantage of the Exploit/IFrame vulnerability -already exploited by other malicious code- in order to run itself and open port 36794 in the affected computer. The worm can also paralyze applications such as antiviruses and personal firewalls and opens a backdoor that could allow an attacker to access computers or networks remotely.
In order to avoid infection, Panda Software recommends that users update their antivirus solutions immediately. The multinational antivirus developer has already made the corresponding update for its antivirus available to users. This update, which detects and removes Bugbear, can be downloaded from http://www.pandasoftware.com/. More technical details about Bugbear at Panda Software's Virus Encyclopedia (http://service.pandasoftware.es/library/virusCard.jsp?Virus=W32/Bugbear)
About Panda Software's virus laboratory
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.