1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Backdoor:W32/Bugbear.K

Backdoor:W32/Bugbear.K

Name : Backdoor:W32/Bugbear.K
Detection Names : Email-Worm.Win32.Tanatos.k
Email-Worm:W32/Bugbear.K
Category:Malware
Type:Backdoor
Type:Net-Worm, Email-Worm
Platform:W32
Date of Discovery:April 12, 2006

Summary

A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network.

Disinfection

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.


Eliminating a Local Network Outbreak

If the infection is in a local network, please follow the instructions on this webpage:


Note

After disinfection it is recommended to change all log-in credentials, as they could have been compromised by the password stealer component of the worm. It is also recommended to check infected systems and networks for possible hacker intrusion that could have been performed through the backdoor component of the worm.

More details about the removing procedure you can find in our support center: http://www.f-secure.com/support/technical/av5/support-issue-2002100200.htm

Additional Details

Backdoor:W32/Bugbear.K (also known as Tanatos) is an e-mail and network worm that also has a backdoor component. This particular variant is very similar to the original Tanatos worm that was found in 2002.


Propagation

This Tanatos worm variant spreads in e-mail messages with the following characteristics:

Subjects:

  •  !!! WARNING !!!
  • ;)
  • [Fwd: look] ;-)
  • Announcement
  • bad news
  • empty account
  • fantastic
  • Friendly
  • Fwd:
  • good news!
  • Greetings!
  • Greets!
  • Hello!
  • Hi!
  • history screen
  • hmm.."
  • I cannot forget you!
  • I love you!
  • I need photo!!!
  • Interesting...
  • Introduction
  • Is that your password?
  • Just a reminder
  • look
  • Lost & Found
  • Love
  • Me nude
  • New Contests
  • new reading
  • News
  • Old photos
  • Payment notices
  • photo
  • photos
  • Please Help...
  • Re:
  • Report
  • Sex pictures
  • sexy
  • Stats
  • Today Only
  • update
  • various
  • Warning!
  • wow!
  • You are fat!
  • Your Gift

Body text:

  •  Pease open an attachment to see the message.
  • Please see Attachment
  • please,read the attach file.
  • see attachment
  • See the attached file
  • See the attached file for more info
  • Take a look to the attachment

Attachment names:

  •  a000032.jpg [lots of spaces] .scr
  • girls.jpg [lots of spaces] .scr
  • image.jpg [lots of spaces] .scr
  • love.jpg [lots of spaces] .scr
  • message.txt [lots of spaces] .scr
  • music.mp3 [lots of spaces] .scr
  • myphoto.jpg [lots of spaces] .scr
  • news.doc [lots of spaces] .scr
  • photo.jpg [lots of spaces] .scr
  • pic.jpg [lots of spaces] .scr
  • readme.txt [lots of spaces] .scr
  • song.wav [lots of spaces] .scr
  • video.avi [lots of spaces] .scr
  • you.jpg [lots of spaces] .scr