Re: Virus ALARAM
Posted: Tue Oct 01, 2002 7:31 pm
Greetings
My ISP stopped four people sending me emails infected with the 'bugbear' virus just today - so be VERY careful.
New Virus W32/Bugbear (Launched 30/09/2002)
Please see
http://www.itworld.com/Sec/2199/020930emailvirus/
Some details from above site appear below. Please make sure your virus guard is up to date.
Soroush
A new e-mail-borne virus variously known as "Tanatos," and "W32/Bugbear," is being circulated as an e-mail attachment and appears to target machines running Microsoft Corp. operating systems, according to alerts issued by a number of computer security companies.
The virus file is attached to e-mails with a wide variety of subject lines such as "bad news," "Membership Confirmation," "Market Update Report," and "Your Gift," and appears to use randomly-generated names to avoid detection by antivirus software, as well as multiple file extensions to disguise the fact that it is an executable file, according to Vincent Gullotto, vice president of the McAfee AVERT (Anti-Virus Emergency Response Team) at Network Associates Inc.
Once activated, the virus shuts down scores of vital processes used by Windows and by antivirus software, records user keystrokes, opens a backdoor to the infected machine for use by attackers, and attempts to mail copies of itself out to other users, randomly generating new subject lines and virus executable names as it does, according to Gullotto.
Despite receiving numerous copies of the virus from customers and partners, however, antivirus researchers at AVERT have been unable to get the mail function of the virus to work, said Gullotto.
"All samples we've seen may not be the result of a mass mailing produced by someone launching the virus. We could just be witnessing the seeding of the virus, by the author, rather than evidence that it's working on other systems," said Gullotto.
The new virus takes advantage of a known vulnerability in Microsoft's Internet Explorer versions 5.01 and 5.5 that allows attackers to embed malicious code in the header of an improperly formatted HTML message that could cause e-mail clients such as Outlook to automatically launch attached executable
[Non-text portions of this message have been removed]
My ISP stopped four people sending me emails infected with the 'bugbear' virus just today - so be VERY careful.
New Virus W32/Bugbear (Launched 30/09/2002)
Please see
http://www.itworld.com/Sec/2199/020930emailvirus/
Some details from above site appear below. Please make sure your virus guard is up to date.
Soroush
A new e-mail-borne virus variously known as "Tanatos," and "W32/Bugbear," is being circulated as an e-mail attachment and appears to target machines running Microsoft Corp. operating systems, according to alerts issued by a number of computer security companies.
The virus file is attached to e-mails with a wide variety of subject lines such as "bad news," "Membership Confirmation," "Market Update Report," and "Your Gift," and appears to use randomly-generated names to avoid detection by antivirus software, as well as multiple file extensions to disguise the fact that it is an executable file, according to Vincent Gullotto, vice president of the McAfee AVERT (Anti-Virus Emergency Response Team) at Network Associates Inc.
Once activated, the virus shuts down scores of vital processes used by Windows and by antivirus software, records user keystrokes, opens a backdoor to the infected machine for use by attackers, and attempts to mail copies of itself out to other users, randomly generating new subject lines and virus executable names as it does, according to Gullotto.
Despite receiving numerous copies of the virus from customers and partners, however, antivirus researchers at AVERT have been unable to get the mail function of the virus to work, said Gullotto.
"All samples we've seen may not be the result of a mass mailing produced by someone launching the virus. We could just be witnessing the seeding of the virus, by the author, rather than evidence that it's working on other systems," said Gullotto.
The new virus takes advantage of a known vulnerability in Microsoft's Internet Explorer versions 5.01 and 5.5 that allows attackers to embed malicious code in the header of an improperly formatted HTML message that could cause e-mail clients such as Outlook to automatically launch attached executable
[Non-text portions of this message have been removed]