Skip to main content

Bugbear.K

Classification

Category:Malware
Type:Email-Worm
Platform:W32
Aliases:

W32/Bagway, Email-Worm:W32/Bugbear.K, W32/Bugbear-I, Email-Worm.Win32.Tanatos.k, Tanatos.K

Summary

Tanatos (also known as Bugbear) is an email and network worm that also has a backdoor component. This particular variant is similar to the original Tanatos/Bugbear worm that was found in year 2002.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

This Tanatos worm variant spreads in email messages with the following characteristics:

Subjects:

  • !!! WARNING !!!
  • ;)
  • [Fwd: look] ;-)
  • Announcement
  • bad news
  • empty account
  • fantastic
  • Friendly
  • Fwd:
  • good news!
  • Greetings!
  • Greets!
  • Hello!
  • Hi!
  • history screen
  • hmm.."
  • I cannot forget you!
  • I love you!
  • I need photo!!!
  • Interesting...
  • Introduction
  • Is that your password?
  • Just a reminder
  • look
  • Lost & Found
  • Love
  • Me nude
  • New Contests
  • new reading
  • News
  • Old photos
  • Payment notices
  • photo
  • photos
  • Please Help...
  • Re:
  • Report
  • Sex pictures
  • sexy
  • Stats
  • Today Only
  • update
  • various
  • Warning!
  • wow!
  • You are fat!
  • Your Gift

Body text:

  • Pease open an attachment to see the message.
  • Please see Attachment
  • please,read the attach file.
  • see attachment
  • See the attached file
  • See the attached file for more info
  • Take a look to the attachment

Attachment names:

  • a000032.jpg [lots of spaces] .scr
  • girls.jpg [lots of spaces] .scr
  • image.jpg [lots of spaces] .scr
  • love.jpg [lots of spaces] .scr
  • message.txt [lots of spaces] .scr
  • music.mp3 [lots of spaces] .scr
  • myphoto.jpg [lots of spaces] .scr
  • news.doc [lots of spaces] .scr
  • photo.jpg [lots of spaces] .scr
  • pic.jpg [lots of spaces] .scr
  • readme.txt [lots of spaces] .scr
  • song.wav [lots of spaces] .scr
  • video.avi [lots of spaces] .scr
  • you.jpg [lots of spaces] .scr

More Support

Community

Ask questions in our Community.

User guides

Check the user guide for instructions.

Contact Support

Chat with with or call an agent.

Submit a Sample

Submit a file or URL for analysis.