[plug] BugBear Virus
Ryan
ryan at is.as.geeky.as
Wed Oct 2 22:44:31 WST 2002
Just the usual:
http://www.f-secure.com/v-descs/tanatos.shtml
http://www.mcafee.com/anti-virus/viruses/bugbear/
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html
It also appears this one doesn't check too well for network share types and
sends its payload networked printers. I got a phone message from my dad at
his office today saying simply: "what's going on? there's bloody paper
everywhere!" :)
I spent most of my day on the phone politely telling people which machine in
their organisation was sending out the virus (when I could glean enough info
from the headers). They were generally not too concerned until I told them
what it did to construct the body of the messages it mass emails ... a
varied array of expletives soon after emerged (especially from accounting
types).
My mail server ended the day with 28% of the messages it saw infected.
As a side note, has anyone seen a default install of Lookout Express 6 SP1
recently? The several that I saw installed with a stock standard default
IEAK config refused access to all attachments that are not images :)
Ryan
> Aaah... that explains the sudden spike of viri I've been getting coming
> in through the mail at server today. It peaked at > 100 / hour but was
> falling by the time I left at 9:30. Hopefully that wasn't just momentary.
>
> Anybody got a link to more info?
More information about the plug
mailing list