A new e-mail worm, called W32/Bugbear.A@mm by our virus analysts, started spreading in the wild on 30th of September. W32/Bugbear@mm is a UPX compressed mass-mailing worm with keylogging and backdoor capabilities.
It copies itself to the Windows System directory under a random name. It spreads it self in e-mail messages with randomly named attachments, sending copies of it self to e-mail addresses fount in the infected computer's inbox and in files with these extensions: .ODS .MMF .DBX .NCH .EML .TBB .MBX . The worm can also spread by picking up an e-mail message of the infected computer and send them with itself attached.
In the process of infecting the worm also attempts to disable antivirus programs and other computer security related programs.
Virus signature files for F-Prot AntivirusTM since 30th of September or later detect and disinfect W32/Bugbear.A@mm. Users of F-Prot AntivirusTM are urged to update their virus signature files to secure their computer's data.
Technical description of W32/Bugbear.A@mm from our virus analysts