| Name: | Bugbear |
| Aliases: | W32.Bugbear@mm, Tanatos, Natosta, Keywo, I-Worm/Keywo, |
| Ports: | 137 (UDP), 36794 |
| Files: | Setup.exe - 3 july 2002.doc.pif - F***.exe - 50,688 bytes [* = letters choosen by the worm]C**.exe - [* = letters choosen by the worm]Iccyoa.dll - Icoaco.dll - 35 bytes Lgguqaa.dll - Lgqagqz.dll - 5,632 bytes Roomuaa.dll - Rouaoup.dll - 85 bytes Okkqsa.dat - Ussiwa.dat - Uguaac.dat - 2 bytes |
| Created: | Sep 2002 |
| Requires: | |
| Actions: | Anti-protection trojan / Remote Access / Keylogger / Worm / Mail trojan / Network trojan / HTTP server |
| Registers: | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\ |
| Notes: | Works on Windows 95, 98, ME, NT, 2000 and XP, together with MS Internet Explorer and MS Outlook. |
| Country: | written in Malaysia |
| Program: | Written in Visual C++ 6.0. |