Sophos has detected a new worm that appears to be an order to sign up to the MSN 8 service. BabyBear-A arrives as an email with a variety of subject lines and text, including one which tells the recipient they have signed up to the MSN 8 service. It reads: ‘Dear Sir or Madame, We have detected that you have placed a Order for Msn8. Before we start your Service please confirm your order. To confirm your order please check the attachment. Thanks, Microsoft Corporation Support.’ Whether or not alarm bells ring at the spelling mistakes and rather cursory sign off, the idea that you may have unwittingly agreed to pay this may prompt somebody to click the attachment anyway. If the attachment is executed, a dialog box appears with the message ‘Application Error! Missing .Dll File’ along with an image referencing the BugBear worm. It then creates 50 or so copies of itself locally, along with around 100 empty folders and creates two entries to the Registry to ensure it is run on startup. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.