Michael, I got this from McAfee. Sounds like the thing you had. I ran all the scans on my system and nothing's here, but it could have been from anyone that's on the board (i.e. they got the first message and then the worm attached itself to 2 addresses and sent it back to the board).

I would advise everyone that's on the DnB list to run the application "Stinger" from McAfee to scan and remove it.

===========================

McAfee Security VIRUS ALERT

===========================

The W32/Bugbear@MM Worm is spreading - AVERT risk assessment is HIGH

===========================

The risk assessment of this threat has been raised to High due to the continuing increase in prevalence. McAfee's VirusScan ASaP subscribers are protected with the 4226 DAT, released 9/30/02. More information about W32/Bugbear@MM can be found on McAfee's Security HQ at http://hq.mcafeeasap.com/dispVirus.asp?virus_k=99728.

AVERT has released a removal tool to assist infected users with this virus.

WHAT IS IT?

This worm emails itself to addresses found on the local system. The virus code contains email subject strings and attachment names. However, the majority of samples received contain information not present in the virus, suggesting that there is a higher probability of the virus using words and filenames contained on the infected system.

This worm has the ability to spoof, or forge, the 'From:' field. Additionally, the virus can use a fabricated from address, by taking the name before the "@" sign of one address, and the domain name after the "@" sign of another address (i.e. [EMAIL PROTECTED] + [EMAIL PROTECTED] = [EMAIL PROTECTED]).

It is common for the attachment name to contain a double-extension (i.e. .doc.pif). Outgoing messages look to make use of the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability (MS01-020) in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2).

This virus is written in MSVC and packed with UPX. It spreads via network shares and by emailing itself. It also contains a backdoor trojan component that contains keylogging functionality.

SYMPTOMS

• Port 36794 open

• Existence of the following files (* represents any character):

  o %WinDir%\System\****.EXE (50,688 or 50,684 bytes)
  o %WinDir%\******.DAT
  o %WinDir%\******.DAT
  o %WinDir%\System\******.DLL
  o %WinDir%\System\*******.DLL
  o %WinDir%\System\*******.DLL

• Large print jobs sent to network printer.

Sincerely,

McAfee Security

Network Associates, McAfee and VirusScan are registered trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. All other registered or unregistered trademarks in this document are the sole property of their respective owners.

© 2002 Networks Associates Technology, Inc. All rights reserved.

---
Drum&Bass Arena Producers Discussion List http://www.breakbeat.co.uk
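The port and file symptoms listed in the alert, turned into a local check. This is an added example, not part of the original email or of McAfee's alert. It assumes the port is TCP and reads the alert's `*` as exactly one character; the DAT and DLL name shapes also fit legitimate system files, so only the EXE name-plus-size match is reported as a strong indicator.

```python
import fnmatch
import os
import socket

BACKDOOR_PORT = 36794            # from the alert (TCP is an assumption)
EXE_SIZES = {50688, 50684}       # byte sizes given in the alert

# (folder relative to %WinDir%, pattern as written in the alert, sizes or None)
PATTERNS = [
    ("System", "****.EXE", EXE_SIZES),
    ("", "******.DAT", None),
    ("System", "******.DLL", None),
    ("System", "*******.DLL", None),
]

def scan_windir(windir):
    """Return (strong, weak) lists of paths matching the alert's file symptoms."""
    strong, weak = [], []
    for subdir, pattern, sizes in PATTERNS:
        folder = os.path.join(windir, subdir)
        if not os.path.isdir(folder):
            continue
        # The alert's '*' stands for one character, i.e. '?' in glob syntax.
        glob_pat = pattern.replace("*", "?").lower()
        for name in sorted(os.listdir(folder)):
            path = os.path.join(folder, name)
            if not os.path.isfile(path):
                continue
            if not fnmatch.fnmatchcase(name.lower(), glob_pat):
                continue
            if sizes is None:
                weak.append(path)      # name shape only, needs manual review
            elif os.path.getsize(path) in sizes:
                strong.append(path)    # name shape and exact size both match
    return strong, weak

def port_open(port=BACKDOOR_PORT, host="127.0.0.1", timeout=1.0):
    """True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

if __name__ == "__main__":
    strong, weak = scan_windir(os.environ.get("WINDIR", r"C:\Windows"))
    print("port", BACKDOOR_PORT, "open:", port_open())
    print("EXE name+size matches:", strong)
    print("name-shape-only matches (review manually):", len(weak))
```

A hit from this check is a reason to run the removal tool, not a diagnosis; a clean result does not rule out infection.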