Weekly Virus Report - Rodok and Bugbear Worms
Posted on 14.10.2002
This week's virus report focuses on two worms, Rodok, which spreads via MSN Messenger and Bugbear, which has continued to be a major source of infections in the last week.

Over the last seven days, Bugbear (W32/Bugbear) has held first place in the ranking of the most virulent malicious code compiled from data provided by Panda ActiveScan, the free, online virus scanner from Panda Software. This worm is designed to send itself as a file attached to an e-mail. As both file name and the e-mail subject and message text vary from one infection to another, this virus is particularly difficult for users to recognize.

Bugbear can open port 36794 in the affected computer, as well as paralyzing antivirus and firewall applications. In this way, Bugbear opens a backdoor which could give an attacker remote access to the computer.

W32/Bugbear is 50688 bytes in size (when the file containing the virus is UPX compressed) and is written in Visual C. It also drops a 'dll' file in the affected computer, which actually contains a Trojan called Trj/PSW.Bugbear. This Trojan is designed to intercept keystrokes on the computer.

The other worm we are looking at here is Rodok (W32/Rodok.A). This spreads via MSN Messenger and uses what has been dubbed 'social engineering', sending a message that tries to trick users into downloading a program from a website.

Rodok then tries to download two files from the Internet, which it saves to the hard disk under the names: update35784.exe and hehe2397824.exe. These files contain a backdoor Trojan, which could allow an attacker to take remote control of the affected machine.





Spotlight

Fake "Online Ebola Alert Tool" delivers Trojan

Posted on 29 October 2014.  |  Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //