W32.Bugbear.B Worm Identified As Targeting Banks
Symantec Security Response has upgraded W32.Bugbear.B to a level 4-virus threat (level 5 being the highest level
threat).
- Symantec Security Response experts have identified that the worm contains a list of more than 1,300 targeted bank
domain names worldwide. If W32.Bugbear.B determines that the default e-mail address for the affected system belongs to a
banking company, it enables auto-dialing. Auto dialing could allow the hacker to gain control of the machine by
connecting to the Internet to gain additional instructions. Auto dialing coupled with the keystroke logging capabilities
are likely an attempt to steal passwords more effectively.
- Symantec Security Response experts are continuing to see W32.Bugbear.B submission numbers increase. To date, Symantec
Security Response has tracked 1,002 submissions of W32.Bugbear.B. Symantec Security Response has not yet seen the worm
peak. In comparison, the original W32.Bugbear@mm worm that was discovered on Sept. 30, 2002, peaked in its fifth day
with 6,888 submissions.
With 1,002 submissions in less than 48 hours, W32.Bugbear.B@mm, would have been ranked number 9 on the May 2003 Top 10
Malicious Code Threats list.
May 2003 Top 10 Malicious Code Threats
Rank Number of Submissions Threat Name
1. 7211 W32.Klez.H@mm
2. 6858 W32.Sobig.B@mm
3. 3556 HTML.Redlof.A
4. 3064 W32.HLLW.Fizzer@mm
5. 2223 W95.Hybris.worm
6. 1248 W32.HLLP.Spreda
7. 1121 W32.Nolor@mm
8. 1110 W32.HLLW.Lovgate.G@mm
9. 969 W32.Nimda.E
10. 947 W32.Pinfi
Symantec Security Response recommends users to update their virus definitions to prevent infection. For detailed
information and removal tool for W32.Bugbear.B, visit the Symantec Security Response Web site at http://securityresponse.symantec.com . Computer users who are concerned that they may have received a virus can easily scan their system using Symantec
Security Check Web site at http://www.symantec.com/securitycheck.