W32/Bugbear.A, also known as I-Worm.Tanatos or W32/Tanat, is an internet worm that spreads via email. Current information is preliminary, but, when executed it will install itself to run each time the machine is started, and it also terminates various anti-virus and firewall programs, and contains a keystroke-logging program. It sends itself to email addresses found on the victim's machine. The message subject and body are quite variable, and may be related to text from other files or messages on the machine. W32/Bugbear.A also opens a backdoor, and is capable of spreading via a local network by copying itself to the startup folder on remote shares.
Most anti-virus developers have issued alerts about W32/Bugbear.A. Messagelabs first stopped it at 20:23 GMT 29 September 2002 in an email from Malaysia. Sophos has received several reports in a short space of time.
Users are advised to update their anti-virus software as soon as possible.