{"id":1080,"date":"2010-09-09T19:38:47","date_gmt":"2010-09-09T18:38:47","guid":{"rendered":"http:\/\/www.galhano.com\/blog\/?p=1080"},"modified":"2010-09-09T19:38:47","modified_gmt":"2010-09-09T18:38:47","slug":"wormw32bugbear","status":"publish","type":"post","link":"http:\/\/galhano.com\/blog\/?p=1080","title":{"rendered":"Worm:W32\/Bugbear"},"content":{"rendered":"

Your keyboard has one hour to another to duplicate the accents? <\/span>This is when you press’ or ~ they come out duplicates?<\/strong> <\/span>This is a symptom of the virus BugBear, which began to spread over the Internet on September 30.<\/p>\n

<\/span>The BugBear (also called Thanatos) is a virus e-mail with behavior similar to “famous” Klez. <\/span>That is, when your machine is infected, it begins to send emails from your computer. <\/span>The big problem is that, like Klez, it “spoofs” the sender, picking a random name from your list of emails. <\/span>That way, when you receive an email with the virus, possibly the e-mail that is marked as the sender is not the person who is actually sending you the virus. <\/span>So no point in answering the e-mail saying “your computer is virus.”<\/p>\n

<\/span>The biggest problem is that this virus is a “backdoor”<\/strong>, ie the infected machine as well as send e-mail viruses can be easily accessed by hackers, and your data is completely exposed.<\/p>\n

<\/span>The virus prevents you run an antivirus. <\/span>If you are unable to open your antivirus, then it may mean that your machine is infected.<\/p>\n

<\/span>Remove viruses from your machine is relatively easy, just delete the files from the virus. <\/span>The problem is that at the time of infection, the files are created with random names, and therefore we can not know the exact name of the files to be deleted. <\/span>Anyway, there is the Internet a small utility to remove this virus, which can be downloaded for free at ftp:\/\/ftp.f-secure.com\/anti-virus\/tools\/f-bugbr.zip. <\/span>Just download, unzip with Winzip and run.<\/p>\n

<\/span>If your machine is networked, the virus attempts to spread the network as well. <\/span>Therefore, if local networks, the entire network must be disconnected before moving antivirus on all machines, because otherwise, you can eliminate the virus from your machine, but if another PC is infected shortly after their <\/span>PC will be infected again, via the network.<\/p>\n

<\/span>This worm exploits the same bug in Internet Explorer and Outlook that uses the Klez, which means that you do not need to run the attachment (the virus) of a message to your PC being infected. <\/span>If you install a patch existing security on the Microsoft website at http:\/\/www.microsoft.com\/windows\/ie\/downloads\/critical\/q323759ie\/default.asp, your computer will be less vulnerable to viruses from e-mails.
\n
\n<\/span>After eliminating the virus completely from your machine, do not forget to update your antivirus.<\/p>\n

<\/span>Also, for security reasons, we recommend that you replace all your logins and passwords, because the virus harvests login information and password of your computer and send by e-mail and someone may receive such information and to misuse them.<\/p>\n

<\/span>For complete information on this virus, visit http:\/\/www.f-secure.com\/v-descs\/tanatos.shtml.<\/span><\/span><\/p>\n

Symantec tool:<\/p>\n

http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2002-093007-2144-99&tabid=2
\n<\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Your keyboard has one hour to another to duplicate the accents? This is when you press’ or ~ they come out duplicates? This is a symptom of the virus BugBear, which began to spread over the Internet on September 30. The BugBear (also called Thanatos) is a virus e-mail with behavior similar to “famous” Klez. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"close","ping_status":"close","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[99],"tags":[],"class_list":["post-1080","post","type-post","status-publish","format-standard","hentry","category-security","author-admin"],"_links":{"self":[{"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1080","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1080"}],"version-history":[{"count":2,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1080\/revisions"}],"predecessor-version":[{"id":1082,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1080\/revisions\/1082"}],"wp:attachment":[{"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1080"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1080"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/galhano.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1080"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}