The first analysis of the worm shows that it contains a list of about 1,400 different Internet addresses (domain names) mostly of banks world-wide. We have no information at this stage on how this list is meant to be used by the virus. Norman Data Defense Systems advise banks in particular to be on alert.

W32/BugBear.B@mm is a mass-mailing worm that spreads through virus-generated emails and shared resources in networks. It infects program files and attempts to terminate various antivirus and firewall programs found on the infected computer.

This worm is currently being analyzed and additional information will be provided as soon as it becomes available.

Norman Virus Control (NVC) with definitions files from Thursday, June 05, 2003 or later detects the worm. Users are encouraged to update their NVC installation with the latest definition files immediately.

More information on www.norman.com

For further information, please contact

Norman ASA, Audun Lødemel, tel.+47 671 097 79 / +47 934 465 31