$ 11.99|https://store.pandasecurity.com/300/purl-vpn?currencies=USS&x-track=55499&cart=iA001PVPNS05&language=en&quantity=1&enablecoupon=false&coupon=1STMOFFPD&x-coupon=1STMOFFPD&x-market=usa&x-track=190478|$ 0.00|$;PREFIX;.;,;11;99;0;00

It ends in:

Days Hours Minutes

It ends in:

Days Hours Minutes

The best protection with a 60% discount

Apply discount

Get 40% discount! Discover the plan that suits you best!

See offer

Get 40% discount! Discover the plan that suits you best!

See offer

Renew and get 50% off*

Only available for 48 hours!

::

*For home users only

Renew at a discount
::

Renew and get 50% off*

Renew
*Home users only

*For home users only Renew and get 50% off*

::
Renew

Special offer: Renew and get 50% off**

Only available for 48 hours!

::

*For home users only

Renew at a discount

*For home users only Special offer: Renew and get 50% off*

::04
Renew

Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

Call us 24/7 and get a free diagnosis 951 203 528

Active Scan. Scan your PC free

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Bugbear.B

 
Threat LevelHigh threatDamageSevereDistributionNot widespread
Common name:Bugbear.B
Technical name:W32/Bugbear.B
Threat level:Medium
Alias:W32/Bugbear.b@mm,, Bugbear.B, PE_BUGBEAR.B, W32.Kijmo, W32.Shamur, Win32.Bugbear.B
Type:Virus
Effects:  It infects a large number of files on affected computers, it ends processes belonging to security programs, opens the port 1080, captures keystrokes and allows a hacker to gain remote access to the resources of the computer.
Affected platforms:

Windows XP/2000/NT/ME/98/95

First detected on:June 5, 2003
Detection updated on:May 14, 2009
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover

Brief Description 

    

Bugbear.B is dangerous worm that spreads via e-mail and across shared network drives.

It is very easy to become infected by this worm, as it is automatically activated when the message is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer (versions 5.01 and 5.5), which allows e-mail attachments to be automatically run. This vulnerability exploit is known as Exploit/iFrame. However, Bugbear.B does not always exploit this vulnerability in order to affect the computer.

Bugbear.B carries out the following actions in affected computers:

  • It sends out a file containing a copy of the cached passwords of the dial-up connection to networks to a certain list of e-mail addresses. It does this if the default e-mail address of the victim computer, which it obtains from the Windows Registry, belongs to one of the domains in its list. This list mainly includes domains belonging to financial entities. The addresses it sends the cached passwords to are the following:
    ifrbr@canada.com, sdorad@juno.com, fbnfgh@email.ro, eruir@hotpop.com, ersdes@truthmail.com, eofb2@blazemail.com, ioter5@yook.de, iuery@myrealbox.com, jkfhw@wildemail.com and ds2iahf@kukamail.com.
  • It infects a large number of files.
  • It disables security programs.
  • It opens port 1080, which allows hackers to gain remote access to the affected computer.
  • It logs the keystrokes in a file. By doing this, hackers that accessed this file would be able to obtain confidential data such as passwords for accessing certain Internet services, bank accounts, etc. The logged information is sent when the data saved exceeds 25,000 bytes or every two hours.

Bugbear.B is a polymorphic worm, which makes it difficult for antivirus programs to detect.

Visible Symptoms 

    

Bugbear.B is difficult to recognize, as it does not display any warnings or messages that indicate that it has infected a computer.

When spreading across shared network drives, Bugbear.B does not check if the directories it is copying itself to are shared printers. Therefore, if it copies itself to one of these directories, the printer will start printing junk characters.

ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS?
FREE SUPPORT INCLUDED. CALL US 24/7

powered by Anytech365