Bugbear.B keylogger decryption utility (GPL)
From: Andreas Marx <amarx(at)gega-it.de>
Date: Wed Jun 11 2003 - 17:01:58 EDT
We, the anti-virus test center at the University of Magdeburg (Germany), have developed a small tool which is able to decrypt the whole keylogger protocols of the Win32/Bugbear.B worm from infected systems. As you may know, the worm installs a key logger and writes everything into files and these files are sent to lots of e-mail addresses later. Using this tool, you can decrypt the protocols to find out the possible damage.
There are two executables included in our archive (the results are identical for both tools):
The whole source code of the tools is included in the file source.zip. I put it into the open source (GPL). Feel free to modify it or to add new features or add its code to a disinfection utility or whatever. :-) You can download the tool (151 KB ZIP) directly from our website http://www.av-test.org (see the first "News" entry).
We have also updated an earlier tool we wrote in mid-December 2001 to decrypt the Win32/Badtrans.B keylogger protocol (151 KB ZIP). You can find this older tool in the news archive at http://www.av-test.org/sites/news.php3?lang=en .
cheers,
--
Andreas Marx <amarx(at)gega-it.de>, http://www.av-test.org
GEGA IT-Solutions GbR, Klewitzstr. 7, 39112 Magdeburg, Germany
Phone: +49 (0)391 6075466, Fax: +49 (0)391 6075469

Received on Thu Jun 12 10:57:37 2003