The bugbear worm that is currently going around also uses a similar technique to spoof the sender's e-mail address. I have received quite a few e-mails from infected machines over the past few days. This is one of the rare occasions where I have to give thanks to microsoft. The version of Outlook that I use automatically discards attachments with certain file extensions so that all of the little bugbears are thrown away before I see the message.
Llew Griffiths ________________________________ Llew Griffiths & Associates Pty Limited Embedded Controller Design Consultants Melbourne, Australia http://www.llga.com.au > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Robert > Mitchell > Sent: Saturday, 5 October 2002 22:39 > To: Multiple recipients of list CHIPDIR-L > Subject: Re: <OT> Which Virus? > > > Declan, Uwe (and others), > > The virus is probably the back burner virus. It infects through Outlook > (express) using an attachment which looks like an image file or > something non-executable but with an additional executable extension > which allows it to run. It then emails itself to addresses in the > address book with a sender's address which is invented by joining > together parts of 2 entries in the address book. Thus any attempt to > warn the infected person will fail. > My wife received an email which somehow evaded deletion although it was > recognised by antivirus software. It then shut down Norton Antivirus and > I was unable to update virus definitions or carry out virus checks since > Norton Antivirus would close shortly after being started. Rebooting did > not help. > I downloaded an executable from Symantec to remove the virus but it also > would not run properly and I eventually had to boot up W98 in safe mode > to get it to work. The result was that 2 files were deleted from the > computer and a registry entry removed. > The computer now works and appears to be clean with NAV running > normally. > > This is a very ugly customer and the first one to have got through since > I started using the antivirus software. > > Bob Mitchell > -- Author: Llewellyn Griffiths INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB CHIPDIR-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
