Bugbear is an Internet worm with a Trojan horse that attempts to steal your passwords and credit card information. Bugbear (w32.bugbear@mm), also known as Tanatos, is about 50KB long and is compressed with the UPX file compressor. Users of Internet Explorer 5.01 or 5.5 who have not patched the Incorrect Mime header flaw are vulnerable to the worm"s e-mail attack.
All versions of Windows are vulnerable to this worm"s ability to arrive via open file sharing. Users of Macintosh, Linux, and Unix are not at risk. Since Bugbear sends infected e-mail and contains a potentially dangerous Trojan horse, it ranks a 6 on the ZDNet Virus Meter.
How it works
Bugbear arrives via e-mail with no distinct characteristics except for an attached file that is always 50,688 bytes long. The subject line and text may be taken from existing e-mail. Bugbear also arrives through network file sharing. When run, Bugbear adds itself to the System subdirectory of the Windows folder as four random letters followed by .exe (for example, windowsSystemzayb.exe). It also changes the Registry in order to run each time Windows is loaded, once again using random letters. Finally, it adds itself to the Startup folder as three random letters followed by .exe (for example, Startupzay.exe).