W32.Bugbear.B Worm Identified As Targeting Banks

W32.Bugbear.B Worm Identified As Targeting Banks

Symantec Security Response has upgraded W32.Bugbear.B to a level 4-virus threat (level 5 being the highest level threat).

- Symantec Security Response experts have identified that the worm contains a list of more than 1,300 targeted bank domain names worldwide. If W32.Bugbear.B determines that the default e-mail address for the affected system belongs to a banking company, it enables auto-dialing. Auto dialing could allow the hacker to gain control of the machine by connecting to the Internet to gain additional instructions. Auto dialing coupled with the keystroke logging capabilities are likely an attempt to steal passwords more effectively.

- Symantec Security Response experts are continuing to see W32.Bugbear.B submission numbers increase. To date, Symantec Security Response has tracked 1,002 submissions of W32.Bugbear.B. Symantec Security Response has not yet seen the worm peak. In comparison, the original W32.Bugbear@mm worm that was discovered on Sept. 30, 2002, peaked in its fifth day with 6,888 submissions.

With 1,002 submissions in less than 48 hours, W32.Bugbear.B@mm, would have been ranked number 9 on the May 2003 Top 10 Malicious Code Threats list.

May 2003 Top 10 Malicious Code Threats

Rank Number of Submissions Threat Name
1. 7211 W32.Klez.H@mm
2. 6858 W32.Sobig.B@mm
3. 3556 HTML.Redlof.A
4. 3064 W32.HLLW.Fizzer@mm
5. 2223 W95.Hybris.worm
6. 1248 W32.HLLP.Spreda
7. 1121 W32.Nolor@mm
8. 1110 W32.HLLW.Lovgate.G@mm
9. 969 W32.Nimda.E
10. 947 W32.Pinfi

Symantec Security Response recommends users to update their virus definitions to prevent infection. For detailed information and removal tool for W32.Bugbear.B, visit the Symantec Security Response Web site at http://securityresponse.symantec.com . Computer users who are concerned that they may have received a virus can easily scan their system using Symantec Security Check Web site at http://www.symantec.com/securitycheck.

© Scoop Media