Return To Home Page Search Fire Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info Prognet Privacy Statement

Click here to view product details, fire framework, screen shots, Y2K statement, etc.Download fire evaluation copy, updates, upgrades, user manual, free utils and lot more.Customers can enjoy technical support, security tips, FAQ, free virus alert mail, etc. Online ordering, renewal form and upgrade details.Resellers, dealers and distributors can enter here.Click here to view latest virus alerts, virus information center, virus calendar, etc.Latest news and other press releases.About Prognet Technologies Pvt. Ltd, technical team, clients, events and lot more.

 

Bugbear Worm

Information about Bugbear Worm:

                     BugBear is an Internet worm, uses e-mail addresses stored in Windows Address book and network shares. It also collects addresses from .dbx, .mbx, .eml, and .ocs files to distribute infected messages. The worm randomly chooses the message body and subject. This worm is also known as I-Worm/Bugbear, I-Worm.Tanatos.a, W32/Bugbear@mm, Tanatos, W32.Bugbear@MM, WORM_BUGBEAR.A.

                     When the infected attachment is executed, the worm copies itself to Windows system folder as a four digit file name. It copies to the startup folder to load on the next startup automatically. The worm also creates new key in the registry in the RunOnce section. The registry modification is given below.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

                     Bugbear uses IFRAME vulnerability to infect. When the user views the e-mail the embedded code is executed automatically and it drops the virus. Microsoft released security patches to close this security hole. If you haven't installed, you can get a copy at http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

                     Bugbear uses its own SMTP to mail infected messages. It will try to terminate antivirus and security programs in the infected system. The worm has backdoor abilities, so the infected machine is vulnerable to hacker attacks.

Removing Bugbear worm from your computer:

                     Fire has incorporated Bugbear worm in signature file to protect Fire users from this worm attack. Fire anti-virus users can update this signature file by using online update facility. It is available with the registered version of Fire anti-virus Kit.

                     If you are already infected with this worm, download and install security patches from the link http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp according to your Internet Explorer version. Then run Fire anti-virus to remove the worm components.

                     A free download of FireLite [ 1100 KB ] version is also available to detect Bugbear Worm. Fire anti-virus kit removes Bugbear worm without problems. If you find this worm, use registered version of Fire to remove. To get the registered version of Fire call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr.Jacob Kalis, Prognet Technologies Pvt. Ltd, Oct. 2002]

Go to top of the page
.