Pradeep, the removal tool was only made available on Friday, by which time we had a long queue of machines waiting. Prior to that, no.
From Symantec's page:
"It retrieves the current user's email address and SMTP server from the registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Account Manager\Accounts [This, of course, is the key that is placed there by, you guessed it, Outlook. If you have never installed and configured Outlook, it isn't there to give Bugbear the chance to spread.] It then uses its own SMTP engine to send itself to all email addresses that it finds. The worm also can construct addresses for the "From:" field using information that it harvests from the infected computer."
But we don't need to read past the circumlocutions on Symantec's home page, which is ever-so-careful not to offend their bum-buddies at M$, we can simply look at the in-the-wild distribution: Outlook users infected: lots. Non-Outlook users infected: Nil. And don't kid yourself that it's because everyone uses Outlook. I can't speak for other places, but the majority of our customers do not use Outlook, and only the dwindling moronic minority that do (maybe 40%) were infected.
This is not unique to Bugbear, of course. Most (possibly all) of the major virus outbreaks of recent years have been Outlook specific. Those that are not, usually attack one or other of the other M$ security jokes, such as the centralised address book, the scripting host, or their macro language. Bottom line is as simple as it is inescapable: Microsoft are utterly hopeless at security. Always have been. And despite some appalling vulnerabilities in other M$ products, Outlook remains the unchallenged champion of them all.
my non-infectious use of Outlook does no damage to anyone else now does it?
