Signature Detail

Short Name	WORM:SMB:BUGBEAR-B
Severity	High
Recommended	No
Recommended Action	Drop
Category	WORM
Keywords	bugbear b windows microsoft email outlook samba netbios
Release Date	2003/06/06
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

WORM: Bugbear B Worm Propagation

This signature detects attempts by the Bugbear B worm to propagate using Samba or unsecured Windows file shares. Bugbear B creates a backdoor on port 1080 of an infected Microsoft Windows host. Attackers can use this backdoor to take control of the host.

Extended Description

Bugbear is a worm that targets various Microsoft Windows operating systems. It uses the Microsoft Internet Explorer Incorrect MIME Header Vulnerability to launch itself when a user reads or previews an infected e-mail message. It opens a backdoor, and acts as a key logger on the victim machine. It propagates through e-mail.

References

URL: http://www.sophos.com/virusinfo/analyses/w32bugbearb.html
URL: http://www.microsoft.com/technet/security/bulletin/MS03-020.mspx
URL: http://www.ealaddin.com/home/csrt/valerts2.asp?virus_no=11494&cf=tl

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

WORM: Bugbear B Worm Propagation

Extended Description

References