Over the last seven days, Bugbear (W32/Bugbear) has held first place in the ranking of the most virulent malicious code compiled from data provided by Panda ActiveScan, the free, online virus scanner from Panda Software. This worm is designed to send itself as a file attached to an e-mail. As both file name and the e-mail subject and message text vary from one infection to another, this virus is particularly difficult for users to recognize.
Bugbear can open port 36794 in the affected computer, as well as paralyzing antivirus and firewall applications. In this way, Bugbear opens a backdoor which could give an attacker remote access to the computer.
W32/Bugbear is 50688 bytes in size (when the file containing the virus is UPX compressed) and is written in Visual C. It also drops a 'dll' file in the affected computer, which actually contains a Trojan called Trj/PSW.Bugbear. This Trojan is designed to intercept keystrokes on the computer.
The other worm we are looking at here is Rodok (W32/Rodok.A). This spreads via MSN Messenger and uses what has been dubbed 'social engineering', sending a message that tries to trick users into downloading a program from a website.
Rodok then tries to download two files from the Internet, which it saves to the hard disk under the names: update35784.exe and hehe2397824.exe. These files contain a backdoor Trojan, which could allow an attacker to take remote control of the affected machine.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.