Detections
Analytics
Bugbear Worm Detection
critical Nessus Plugin ID 11135
Synopsis
The remote host has been compromised.Description
The BugBear backdoor is listening on this port. An attacker may connect to it to retrieve secret information such as passwords, credit card numbers, etc.The BugBear worm includes a keylogger and can kill antivirus and firewall software. It propagates through email and open Windows shares.
Depending on the antivirus vendor, it is known as Tanatos, I-Worm.Tanatos, NATOSTA.A, W32/Bugbear-A, Tanatos, W32/Bugbear@MM, WORM_BUGBEAR.A, Win32.BugBear...
Solution
- Use an Antivirus package to remove it.- Close your Windows shares
- Update your IE browser See 'Incorrect MIME Header Can Cause IE to Execute E-mail Attachment'
See Also
http://www.nessus.org/u?db7425b2
http://www.nessus.org/u?45f1d49b
http://vil.nai.com/vil/content/v_99728.htm
http://support.microsoft.com/default.aspx?scid=KB;en-us;329770&
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-020
Plugin Details
Severity: Critical
ID: 11135
File Name: bugbear.nasl
Version: 1.37
Type: remote
Family: Backdoors
Published: 10/3/2002
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.3
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 3/30/2001
Reference Information
CVE: CVE-2001-0154
BID: 2524