Sysbug.A steals an infected computer's system configuration information
Sysbug.A is a backdoor Trojan that steals information about the infected computer's system configuration. Sysbug opens up a port on the infected computer allowing the possibility of external unauthorized access.
The Sysbug.A Trojan can also download and activate executable files on an infected computer. This Trojan does not, however, self-replicate. It has, until now, spread through spamming and will in all likelihood not spread further without being re-spammed. Users should, however, be aware of the security risks involved in opening these attachments.
This Trojan affects Windows 95 / 98 / 2000 / Me / NT / XP.
The e-mail carrying the Sysbug.A Trojan has the following characteristics:
Subject: Re: Mary
Hello my dear Mary,
I have been thinking about you all night. I would like to
apologize for the other night when we made beautiful love and did
not use condoms. I know this was a mistake and I beg you to
I miss you more than anything, please call me Mary, I need you.
Do you remember when we were having wild sex in my house? I
remember it all like it was only yesterday. You said that the
pictures would not come out good, but you were very wrong, they
are great. I didn't want to show you the pictures at first, but
now I think it's time for you to see them. Please look in the
attachment and you will see what I mean.
I love you with all my heart, James.Attachment: Private.zip
The Zip archive attachment contains the file 'wendynaked.jpg.exe', this is the Trojan's executable.
When executed the Trojan installs itself on the infected computer and creates a startup key in the registry so as to ensure that it always starts up with Windows. Sysbug steals the following information from the infected computer and uploads it to a website:
SMTP Account Name
POP3 User Name
NNTP User Name
SMTP Display Name
SMTP Email Address
SMTP Organization Name
After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.
The latest versions of F-Prot Antivirus detect Sysbug.A using virus signature files dated 26 November 2003 or later.