Fact Check

Bugbear Virus

Information about the 'Bugbear' virus.

Published Oct 1, 2002


Virus name:   Bugbear (also known as Tanatos or Bugbear.B).

Status:   Real.

Origins:   Bugbear (and its June 2003 variant, Bugbear.B)

is a mass-mailing worm that, once it infects a target system, can log keystrokes, enable a backdoor trojan, and stop antivirus and firewall programs. It replicates itself by sending out e-mail to addresses harvested from infected systems using subject lines such as the following:

  • 25 merchants and rising

  • Announcement

  • bad news


  • click on this!

  • Correction of errors

  • Cows

  • Daily Email Reminder

  • empty account

  • fantastic

  • free shipping!

  • Get 8 FREE issues - no risk!

  • Get a FREE gift!

  • Greets!

  • Hello!

  • Hi!

  • history screen

  • hmm..

  • I need help about script!!!

  • Interesting...

  • Introduction

  • its easy

  • Just a reminder

  • Lost & Found

  • Market Update Report

  • Membership Confirmation

  • My eBay ads

  • New bonus in your cash account

  • New Contests

  • new reading

  • News

  • Payment notices

  • Please Help...

  • Re: $150 FREE Bonus!

  • Report

  • SCAM alert!!!

  • Sponsors needed

  • Stats

  • Today Only

  • Tools For Your Online Business

  • update

  • various

  • Warning!

  • wow!

  • Your Gift

  • Your News Alert

The messages sent out by Bugbear can exploit vulnerabilities in some versions of Microsoft Internet Explorer and Microsoft Outlook that enable it to execute automatically when an infected e-mail is viewed. You can protect your PC from infection by Bugbear by downloading and installing the preventive patches offered by Microsoft for these security holes in Microsoft Security Bulletin MS01-027 and the Cumulative Patch for Internet Explorer Q323759.

If your system has already been infected by Bugbear, a removal tool can be obtained from Symantec or from F-Secure.

See the links below for more information on how to detect and remove Bugbear.

Additional Information:

  W32.Bugbear@mm W32.Bugbear@mm (Symantec Security Response)
  W32/Bugbear@MM Bugbear (F-Secure)
  W32/Bugbear@MM W32/Bugbear@MM (McAfee Virus Information Library)
  More articles about Bugbear More articles about Bugbear

Last updated:   27 January 2008

  Sources Sources:

    Associated Press.   "Stealthy E-Mail Worm Bugbear Infecting Computers in Dozens of Countries."

    6 October 2002.


David Mikkelson founded the site now known as snopes.com back in 1994.