| VID |
24062 |
| Severity |
40 |
| Port |
1080 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
The Bugbear.B worm's backdoor is detected. The backdoor is part of the Bugbear.B worm, which includes a key logger and can kill antivirus or personal firewall software. The Bugbear.B worm spreads by sending emails containing attachments and by locating shared resources on your network to which it can copy itself. The worm has a backdoor component similar to the one used in its previous version. The backdoor listens on TCP port 1080 for commands from a remote host. A hacker can connect to the backdoor and perform the following actions:
- get information about the infected computer
- upload and download files
- start files
- delete files
- terminate processes
- get process list
- start keylogger
- start HTTP server on a selected port
The Bugbear.B worm's backdoor does not use secure authentication like its previous variant, so the backdoor can be used by many hackers, not just the worm's author.
* References:
  - http://www.sophos.com/virusinfo/analyses/w32bugbearb.html
  - http://www.f-secure.com/v-descs/bugbear_b.shtml
  - http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.html
* Platforms Affected: Microsoft Windows (any version) |
| Recommendation |
1. Use antivirus programs or free disinfection tools to remove it.
2. Close the Windows shares of the infected computer.
3. Update Outlook, Internet Explorer and Outlook Express on the infected computer. The patch can be downloaded from Microsoft Security Bulletin MS01-027 (this patch was released to fix a number of vulnerabilities in Microsoft's software, including the ones exploited by this worm): http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

Free Bugbear.B worm disinfection tools:
- ftp://ftp.f-secure.com/anti-virus/tools/f-bugbr.zip
- http://www.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.removal.tool.html |
| Related URL |
CVE-2001-0154 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|