Our system, running F-Prot and updated every 6 hours, just caught a virus which was identified as W32/Bugbear.A@mm
----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, September 30, 2002 12:43 PM Subject: Re: [Declude.Virus] FW: EMERGENCY ALERT: W32/Bugbear-A spreading rapidly > > >FYI, this looks to be a bad one. > > > >I am still trying to see what the payload is, whether in the e-mail > >itself or in an attachment, and what kind of attachment. > > > >Any one know? > > Mcafee has this as Low Risk, but Sophos just issued an Emergency Alert > about this, and I was about to post a warning here. It does seem > nasty. http://vil.mcafee.com/dispVirus.asp?virus_k=99728 has quite a bit > of information about it. The payload is a trojan horse that opens port > 36794 on the local machine (it is not known yet what can be done with that > port). > > The good news is that it looks like this one will get caught as an "Outlook > MIME Header Vulnerability" by Declude Virus, whether or not the virus > definitions can detect it. > -Scott > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses at HNB.com] > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
