Computing at Cornell Security

Virus Alert: Windows "W32.Bugbear.B@mm" worm reported on campus (06/05/03)

W32.Bugbear.B@mm, a Windows virus, has been reported at Cornell. W32.Bugbear.B@mm infects computers running Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, and Windows Me.

Macintosh and Unix variants are not affected.

As of 1:15 p.m. on 6/5/03 Cornell Information Technologies has been blocking messages containing the virus. As a result, any message that has the virus will not be delivered.

What to Watch For

W32.Bugbear.B@mm is contained in e-mail attachments. The message will contain a subject line and content taken from random files and e-mail messages on an infected computer. Note that this means infected systems may send confidential mail to unintended recipients.

Do not open any e-mail attachments until your anti-virus software has been updated. If launched, the worm will infect a select list of executable files. The worm includes a keystroke logger, which can be used to steal passwords and confidential information. The worm also installs a backdoor that gives hackers access to infected systems, and it attempts to terminate the processes of various anti-virus and firewall programs.

Detailed description (from Symantec)

How to Avoid It

CIT urges all Windows users to update their Norton AntiVirus software and perform a complete system scan. W32.Bugbear.B@mm is detected by Norton AntiVirus software that has been updated to the 6/5/03 virus definition file, or a newer file.

To update, run Norton AntiVirus and choose Live Update, or download the file via Bear Access (Virus Protection folder) or via Symantec. Cornell University has signed a site license with Symantec to provide Norton AntiVirus (NAV) to the entire campus community. The license allows NAV to be used on all university-owned computers, home computers of staff and faculty, and computers owned by registered students.

Also see CIT's tips for making Eudora more resistant to viruses/worms.

How to Get Rid of It

If you suspect your computer has been infected, visit this Norton AntiVirus page for instructions on how to remove the worm. If you need additional assistance, please contact the CIT HelpDesk by calling 255-8990 or by sending e-mail to helpdesk@cornell.edu.



Security Issues for Network and System Administrators


Last modified: June 5, 2003