Bugbros worm a bogus Microsoft alert
A mass-mailing worm pretending to be a fix from Microsoft has surfaced. Bugbros-A is attached to an e-mail from support@microsoft.com and is not particularly destructive.
A new mass-mailer worm in the wild poses as a flaw fix from Microsoft.
Bugbros-A arrives attached to an e-mail that purports to be from support@microsoft.com. The message says the attached worm is a fix for a new back-door called BugGear-A.
The worm doesn't contain a destructive payload. It can infect machines running Windows 95, 98, ME, NT, 2000 and XP, according to an advisory from antivirus software vendor Trend Micro Inc.
Astute readers probably wouldn't be fooled by the worm's social engineering because the message contains numerous misspellings. Also, it's widely known that Microsoft never sends out fixes via e-mail.
The worm has the following characteristics:
Subject: LiveUpdate Informations
Message body:
Hi,
I have send you the needed informations for the new worm-backdoor discovered. The Backdoor is called W32.Bug.Gear.A. You can run the attachment to avoide getting hacked by closing the backdoor.
Bye
Attachment: varies
If the file is run, the worm drops a copy of itself into the C:windowssystem32 folder. It also makes tweaks to the Windows registry so the worm runs every time the system starts. Bugbros then uses Microsoft Outlook to send copies of itself to people listed in the Outlook address book.
Bugbros is not the first worm to spoof the support@microsoft.com e-mail address. The Palyh worm last May also appeared to come from that address.
Start the conversation
0 comments