Bugbear.K

Summary

Tanatos (also known as Bugbear) is an e-mail and network worm that also has a backdoor component. This particular variant is similar to the original Tanatos/Bugbear worm that was found in year 2002.

Disinfection & Removal

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.

Technical Details

This Tanatos worm variant spreads in e-mail messages with the following characteristics:

Subjects:

• !!! WARNING !!!
• ;)
• [Fwd: look] ;-)
• Announcement
• bad news
• empty account
• fantastic
• Friendly
• Fwd:
• good news!
• Greetings!
• Greets!
• Hello!
• Hi!
• history screen
• hmm.."
• I cannot forget you!
• I love you!
• I need photo!!!
• Interesting...
• Introduction
• Is that your password?
• Just a reminder
• look
• Lost & Found
• Love
• Me nude
• New Contests
• new reading
• News
• Old photos
• Payment notices
• photo
• photos
• Please Help...
• Re:
• Report
• Sex pictures
• sexy
• Stats
• Today Only
• update
• various
• Warning!
• wow!
• You are fat!
• Your Gift

Body text:

• Pease open an attachment to see the message.
• Please see Attachment
• please,read the attach file.
• see attachment
• See the attached file
• See the attached file for more info
• Take a look to the attachment

Attachment names:

• a000032.jpg [lots of spaces] .scr
• girls.jpg [lots of spaces] .scr
• image.jpg [lots of spaces] .scr
• love.jpg [lots of spaces] .scr
• message.txt [lots of spaces] .scr
• music.mp3 [lots of spaces] .scr
• myphoto.jpg [lots of spaces] .scr
• news.doc [lots of spaces] .scr
• photo.jpg [lots of spaces] .scr
• pic.jpg [lots of spaces] .scr
• readme.txt [lots of spaces] .scr
• song.wav [lots of spaces] .scr
• video.avi [lots of spaces] .scr
• you.jpg [lots of spaces] .scr

Detection

F-Secure Anti-Virus detects this malware with the following updates:

Detection Type: PC
Database: 2006-01-24_03

Description Created: 2006-05-10 17:29:11.0

Description Last Modified: 2006-05-11 12:16:23.0