[RC5] Virus alert !

Toomas Aas toomas.aas at raad.tartu.ee
Thu Oct 10 15:36:04 EDT 2002


> ----- Original Message -----
> From: <PlasmaHH at gmx.net>
> To: <rc5 at lists.distributed.net>
> Sent: Thursday, October 10, 2002 3:45 AM
> Subject: [RC5] Virus alert !
> 
> 
> > this is important. I have just received an email with the New
> > Mail-Worm "Bugbear" attached. Someone (Probably Jeff Lawson) on
> > the list has been infected with this worm. So be carefull, keep
> > your virus-scanner up to date, and don't open attachments, the
> > attached file was an .xls.scr file...

In my experience, the From: address of bugbear is meaningless. Being a 
postmaster of medium-sized network, I have received messages from 
various virus scanners around the world claiming that user
somebody at my.domain has sent them bugbear, when I know that no such user 
exists in my domain.

My hypotesis is that bugbear constructs its from: address using 
addresses found on local machine, taking username part from one address 
and domain part from another address.
--
Toomas Aas | toomas.aas at raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* A preposition is a bad thing to end a sentence with.

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list