[plug] BugBear Virus

Ryan ryan at is.as.geeky.as
Wed Oct 2 22:44:31 WST 2002


Just the usual:

http://www.f-secure.com/v-descs/tanatos.shtml
http://www.mcafee.com/anti-virus/viruses/bugbear/
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html

It also appears this one doesn't check too well for network share types and
sends its payload to networked printers.  I got a phone message from my dad at
his office today saying simply: "what's going on? there's bloody paper
everywhere!" :)

I spent most of my day on the phone politely telling people which machine in
their organisation was sending out the virus (when I could glean enough info
from the headers).  They were generally not too concerned until I told them
what it did to construct the body of the messages it mass emails  ...  a
varied array of expletives soon after emerged (especially from accounting
types).

My mail server ended the day with 28% of the messages it saw infected.

As a side note, has anyone seen a default install of Lookout Express 6 SP1
recently?  The several that I saw installed with a stock standard default
IEAK config refused access to all attachments that are not images :)

Ryan


> Aaah... that explains the sudden spike of viri I've been getting coming
> in through the mail at server today. It peaked at > 100 / hour but was
> falling by the time I left at 9:30. Hopefully that wasn't just momentary.
>
> Anybody got a link to more info?


