Weekly Virus Report - Bugbear and Opaserv Infections
Posted on 07.10.2002
W32/Bugbear has been the main protagonist of this week's virus activity, followed, to a lesser extent, by two variants of W32/Opaserv.

W32/Bugbear spreads via e-mail (in a message which is very difficult to identify as its subject, contents and the name of the attached file change on each infection) and across shared network drives. This worm affects several antivirus programs and firewalls in order to leave the computer defenseless against other viruses and attacks.

Since W32/Bugbear spreads across resources shared on a network, it might flood printers by printing its binary code. The worm also takes advantage of a known Internet Explorer vulnerability, which could allow attached files to be run automatically by simply viewing messages through Outlook's preview pane. Finally, it uses port 36794 to establish remote connections.

The other two malicious codes we will look at here are W32/Opaserv and W32/Opaserv.D, which spread across shared network drives and try to connect to a web page in order to download updates of themselves. To carry out infection, both these files create a file called SCRSVR.EXE in the Windows directory, which contains the infection code. W32/Opaserv.D also generates a file named TMP.INI in the root directory of the hard disk and enters a command in the WIN.INI file in order to run itself.

Finally, W32/Opaserv looks for network addresses as well as some random IP addresses, and makes calls to port 137. On getting a response, it spreads through port 139, copying itself to the remote computer's C:\Windows directory.





Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Nov 27th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //