WORM_BUGBROS.A

Discussion in 'malware problems & news' started by Randy_Bell, Jan 9, 2004.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    WORM_BUGBROS.A is a non-destructive mass-mailing worm that propagates via Microsoft Outlook, and arrives as an email attachment with a random file name. It sends a copy of itself to support@microsoft.com and all contacts listed in the infected user's Outlook address book. This worm runs on Windows 95, 98, ME, NT, 2000, and XP.

    This mass-mailing worm arrives in an email with the following:

    Subject: LiveUpdate Informations
    Message Body: Hi,
    I have send you the needed informations for the new worm-backdoor discovered. The Backdoor is called W32.Bug.Gear.A
    You can run the attachment to avoide getting hacked by closing the backdoor.
    Bye
    Attachment: <random file name>

    Upon execution, this worm drops a copy of itself in the C:\Windows\System32 folder. The name of the dropped file is obtained by copying the name of the originally executed file. If the folder does not exist, as in Windows 2000 and NT systems, it displays the following error message:

    Run-time error '76':
    Path not found

    It also adds two registry entries that allow it to automatically execute at every system startup.

    If you would like to scan your computer for WORM_BUGBROS.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com

    WORM_BUGBROS.A is detected and cleaned by Trend Micro pattern file #715 and above.
     
Thread Status:
Not open for further replies.