F-Secure Virus Information Pages : Tanatos.K [ Summary ] | [ Detailed Description ] | [ Detection ] Name: Tanatos.K Alias: Email-Worm.Win32.Tanatos.k, W32/Bugbear-I, W32/Bagway Type: Email Worm, Network Worm, Backdoor Category: Virus Platform: Win32 Date of Discovery: April 12, 2006 Summary Tanatos (also known as Bugbear) is an e-mail and network worm that also has a backdoor component. This particular variant is similar to the original Tanatos/Bugbear worm that was found in year 2002. Detailed Description Tanatos.K spreads in e-mail messages with the following characteristics: Subjects: !!! WARNING !!! ;) [Fwd: look] ;-) Announcement bad news empty account fantastic Friendly Fwd: good news! Greetings! Greets! Hello! Hi! history screen hmm.." I cannot forget you! I love you! I need photo!!! Interesting... Introduction Is that your password? Just a reminder look Lost & Found Love Me nude New Contests new reading News Old photos Payment notices photo photos Please Help... Re: Report Sex pictures sexy Stats Today Only update various Warning! wow! You are fat! Your Gift Body text: Pease open an attachment to see the message. Please see Attachment please,read the attach file. see attachment See the attached file See the attached file for more info Take a look to the attachment Attachment names: a000032.jpg [lots of spaces] .scr girls.jpg [lots of spaces] .scr image.jpg [lots of spaces] .scr love.jpg [lots of spaces] .scr message.txt [lots of spaces] .scr music.mp3 [lots of spaces] .scr myphoto.jpg [lots of spaces] .scr news.doc [lots of spaces] .scr photo.jpg [lots of spaces] .scr pic.jpg [lots of spaces] .scr readme.txt [lots of spaces] .scr song.wav [lots of spaces] .scr video.avi [lots of spaces] .scr you.jpg [lots of spaces] .scr Back to the Top Detection F-Secure Anti-Virus detects this malware with the following updates: [FSAV_Database_Version] Version = 2006-01-24_03. Back to the Top Write-up: Alexey Podrezov, May 10, 2006 Technical Details: Alexey Podrezov, May 10, 2006 F-Secure Corporation