[unisog] BugBear Worm

John Stauffacher stauffacher at chapman.edu
Thu Oct 3 23:30:25 GMT 2002

I updated our McAfee/Sendmail installation on Monday to the latest dat
(4226) and again last night (4227), so far I have qtine'd over 300 of
these little guys. 

John Stauffacher
Network Administrator
Chapman University
stauffacher at chapman.edu

-----Original Message-----
From: Bill Martin [mailto:bmartin at luc.edu] 
Sent: Thursday, October 03, 2002 3:46 PM
To: unisog at sans.org
Cc: Bill Martin
Subject: [unisog] BugBear Worm

Has anyone encountered this beast yet?

ISS X-Force claims to be monitoring the spread of the "Bugbear" Internet
worm. It propagates through email and through open NetBIOS file shares,
attempts to disable all security and antivirus software on each host
and installs a backdoor program. They claim to have detected a large
increase in NetBIOS scanning traffic from several thousand unique

For more, check out:

-Bill Martin-
Sr. Systems Analyst
Loyola University Chicago
bmartin at luc.edu

More information about the unisog mailing list