Further news on the Bugbear Virus

  Gandalph 23:40 06 Jun 2003

With gratitude to Dan Gookin of Wambooli.com

BugBear is coming back with a fury! This is the same BugBear virus that proliferated back in
September, but for some reason the "social engineering" on this one is really good, coaxing many
people to open the attachment that carries the virus and infecting their computers.

Symantec raised the alert level on BugBear to 4 today, the highest level they got. This is right on
the heels of the "[email protected]" PIF viruses just two weeks ago (though they proliferated
the SoBig virus).

BE WARNED! Bugbear disguises the From address. So it may seem like the attachment is coming
from someone you know. It's not, nor did that person send you the virus!

* Use anti-virus software.

* Do not open unexpected attachments, especially from folks you recognise. E-mail them back and
ask if they sent the file. They probably didn't.

* Links:

[email protected]" title="http://securityresponse.symantec.com/avcenter/venc/data/[email protected]" TARGET="_new">click here

click here

click here

Be sure to include links when you warn others of viruses. This provides third-party confirmation of
your report and helps stem the spread of Internet hoaxes.

  barryoneoff.co.uk 00:12 07 Jun 2003

the common or garden variety of the PC user (those that simply set it up and thats it) is not aware of the danger, and numbers of current virus's.
People like us, who use forums like this, or buy magazines have it hammered into them every time we log on. If we choose to ignore it, its our own fault. There must be millions out there who plug it in, surf, open every email, without any AV protection at all.
How else would they spread so quickly?
These are the people who need to be informed in the end. Here endeth the first lesson. Cheers, Whiz...

  Pesala 00:24 07 Jun 2003

It had a spurious From: email address that was a combination of the username of someone who posts on a forum I visit, and my own aimwell.org address: i.e. [email protected]. The message body was part, but not quite all, of a message he had posted on the forum earlier, and was truncated in mid-sentence. The email was sent to both of my email addresses.

Content: attachment; filename="Service Guidelines.doc.exe"

Content-type: application/x-msdownload; name="Service Guidelines.doc.exe"

Content-description: (null)

I have AVG installed and keep it up-to-date regularly, so it was detected as soon as I fetched my mail. Hopefully, it has not done any damage, but this is clearly a very busy virus.

  TBH1 00:27 07 Jun 2003

barryoneoff.co.uk - - -excellent observation mate - - - and if you find the answer to that you will be worth millions - -we can only educate those who feel they need to be educated.

  barryoneoff.co.uk 00:33 07 Jun 2003

but it wouldn't take much for every computer sold to have a large sticky notice attached to the screen giving a warning, and all relevent info.
Of course there would still be those who wouldn't bother but it could cut the numbers down a bit.

  Danoh 00:38 07 Jun 2003

Got sent the new [email protected] virus with a spoofed senders email address (Australian), yesterday. Only emailed "non-geek" friends today when I got notified by Symantec of status being raised to 4, today. Too late by 20 hrs ~ a Canadian friend had been hit.

But agree with above ~ we need to send clear, informative emails to those vulnerable friends in our email address books a.s.a.p.

  Gandalph 01:05 07 Jun 2003

Quite agree with what you have all said. People have to be educated but where do you start. Not an easy task by any means. Personally, any e-mails that come in to me that I dont recognise gets the right click and delete treatment. I have never had a virus on this machine, (probably my last famous words) and I keep my fingures crossed.

I will give this posting the green tick treatment but will keep poping back to read any further comments.

Welcome home Barry, Hope you had a nice Holiday. I'm still waiting of my postcard. lol.

Cheers. :-)

  barryoneoff.co.uk 01:37 07 Jun 2003

the installation of "mailwasher". You can view your emails before you download and open them. Any you are in doubt about can be inspected and rejected or blacklisted. For anyone who is unfortunate enough to get an email spread virus that invades your address book, there is a handy little tip. It wont help you personally, but it will stop contacts in your address book receiving it.

Enter an invalid address at the top of your list such as "aaaaa.virus" (dont use the '@' symbol). When the invading virus tries to send itself to the addresses in your book this will be the first one it tries, and an invalid address warning will pop up before any more are sent.

Cheers Gandalph, had a great time, Whiz...

  AMD 4 ever 01:43 07 Jun 2003

We got this one at work today: w32.bugbear.C ... note it was the latest revision being C, from Spain. Our server was clean and so was our other Win XP PC's...ut interestingly the Win9X generation [email protected] all got infected...Becareful, as It was malicous and sent it out to all email address etc. We received it from a well known person, who we correspond with every day[spain].

At present the PC's were only half dealt with...leaving many affected.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Best Black Friday Deals 2017

How modern book design was influenced by illustrated manuscripts

Best Black Friday Apple Deals 2017

Les meilleurs logiciels de montage vidéo gratuits (en 2017)