Threat Description

Bugbear.K

Details

Aliases:W32/Bagway, Email-Worm:​W32/Bugbear.K, W32/Bugbear-I, Email-Worm.Win32.Tanatos.k, Tanatos.K
Category:Malware
Type:Email-Worm
Platform:W32

Summary



Tanatos (also known as Bugbear) is an e-mail and network worm that also has a backdoor component. This particular variant is similar to the original Tanatos/Bugbear worm that was found in year 2002.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



This Tanatos worm variant spreads in e-mail messages with the following characteristics:

Subjects:

  • !!! WARNING !!!
  • ;)
  • [Fwd: look] ;-)
  • Announcement
  • bad news
  • empty account
  • fantastic
  • Friendly
  • Fwd:
  • good news!
  • Greetings!
  • Greets!
  • Hello!
  • Hi!
  • history screen
  • hmm.."
  • I cannot forget you!
  • I love you!
  • I need photo!!!
  • Interesting...
  • Introduction
  • Is that your password?
  • Just a reminder
  • look
  • Lost & Found
  • Love
  • Me nude
  • New Contests
  • new reading
  • News
  • Old photos
  • Payment notices
  • photo
  • photos
  • Please Help...
  • Re:
  • Report
  • Sex pictures
  • sexy
  • Stats
  • Today Only
  • update
  • various
  • Warning!
  • wow!
  • You are fat!
  • Your Gift

Body text:

  • Pease open an attachment to see the message.
  • Please see Attachment
  • please,read the attach file.
  • see attachment
  • See the attached file
  • See the attached file for more info
  • Take a look to the attachment

Attachment names:

  • a000032.jpg [lots of spaces] .scr
  • girls.jpg [lots of spaces] .scr
  • image.jpg [lots of spaces] .scr
  • love.jpg [lots of spaces] .scr
  • message.txt [lots of spaces] .scr
  • music.mp3 [lots of spaces] .scr
  • myphoto.jpg [lots of spaces] .scr
  • news.doc [lots of spaces] .scr
  • photo.jpg [lots of spaces] .scr
  • pic.jpg [lots of spaces] .scr
  • readme.txt [lots of spaces] .scr
  • song.wav [lots of spaces] .scr
  • video.avi [lots of spaces] .scr
  • you.jpg [lots of spaces] .scr


Detection


F-Secure Anti-Virus detects this malware with the following updates:
Detection Type: PC
Database: 2006-01-24_03




SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More