[RC5] Virus alert !

blitz blitz at macronet.net
Thu Oct 10 09:12:11 EDT 2002


The definitive info on Bugbear is here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html

Im getting 2 - 4 a day of either BB or Klez this past week....viri snatcher 
gets them all..



>In my experience, the From: address of bugbear is meaningless. Being a
>postmaster of medium-sized network, I have received messages from
>various virus scanners around the world claiming that user
>somebody at my.domain has sent them bugbear, when I know that no such user
>exists in my domain.
>
>My hypotesis is that bugbear constructs its from: address using
>addresses found on local machine, taking username part from one address
>and domain part from another address.
>--
>Toomas Aas | toomas.aas at raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
>* A preposition is a bad thing to end a sentence with.
>
>--
>To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
>rc5-digest subscribers replace rc5 with rc5-digest

--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list