A former member of the PCI PowerMacs list was alerted to the presence of 
a virus on a message purportedly sent from pci-powermacs. He emailed the 
following:

>This morning I received an email (apparently) from 
>><[EMAIL PROTECTED]
>
>Our virus scanning software, carefully updated by our professional 
>paranoids, alerted me to the fact that it contained a bugbear virus in 
>an attachment (filename cotter.dat.scr)
>
>The email message itself seems real enough, until you look at the dates; 
>look at the bottom of this mail.

A little research on the bugbear virus turns up the following:

1. It installs itself in the Startup folder of any version of Windows 
later than 3.1.

2. It attempts to use any SMTP (email sending) resources on the infected 
computer to create mass mailings.

3. It attempts to install itself on other computers on the network.

4. It attempts to create a backdoor on the infected computer that the 
worm's creator could use to access the computer in the future.

5. It will send emails from "safe looking" bogus email addresses (such as 
[EMAIL PROTECTED] instead of @maclaunch.com) to addresses it 
finds. It also seems to quote part of an email from that user ID to make 
the message look more authentic.

You may be tipped off by a strange date, an unusual return address, or 
your virus checker going off (Windows users should always run virus 
checking -- users with other operating systems cannot be infected by this 
and most other viruses).

These messages are not from our lists or our server; the bugbear worm can 
only be propagated by Windows computers. However, at first glance they 
may appear to come from us, so Windows users should be careful when 
checking list messages.

And we can all wonder when Microsoft is going to get serious about secure 
computing. The level of insecurity that gave birth to tens of thousands 
of worms and viruses is simply unacceptable, yet over 90% of all computer 
users take it in stride as something normal they have to deal with.

Thank goodness we only use Macs for production and *nix servers for our 
site and mailing lists.



-- 
Dan Knight, president, Cobweb Publishing, Inc.
 <http://cobwebpublishing.com> <http://lowendmac.com>
 <http://digital-views.com> <http://digigraphica.com>
 <http://lowendpc.com>          <http://reformed.net>

In a world without walls or fences, who needs windows or gates?
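
Two of the tip-offs described in the message above, a strange date and an attachment named like cotter.dat.scr, can be checked mechanically. The Python below is an added example, not part of the original message; the function name, the extension watch list, the two-day tolerance and the sample message are assumptions constructed for illustration.

```python
import email
from datetime import timedelta
from email.utils import parsedate_to_datetime

EXECUTABLE_EXTS = {"scr", "pif", "exe", "com", "bat"}  # assumed watch list
MAX_DATE_SKEW = timedelta(days=2)                      # assumed tolerance

def suspicious_signs(raw_message):
    """Return warnings for one raw RFC 822 message (hypothetical helper)."""
    msg = email.message_from_string(raw_message)
    warnings = []
    # Sign 1: attachment with a decoy extension followed by an executable one.
    for part in msg.walk():
        name = part.get_filename()
        pieces = name.lower().split(".") if name else []
        if len(pieces) >= 3 and pieces[-1] in EXECUTABLE_EXTS:
            warnings.append(f"double-extension attachment: {name}")
    # Sign 2: Date header far from the receiving server's own timestamp,
    # which follows the last ';' of the topmost Received header.
    try:
        stamped = parsedate_to_datetime(
            msg.get_all("Received", [])[0].rsplit(";", 1)[1].strip())
        claimed = parsedate_to_datetime(msg["Date"])
        if abs(stamped - claimed) > MAX_DATE_SKEW:
            warnings.append(f"date mismatch: {claimed.date()} vs {stamped.date()}")
    except (IndexError, TypeError, ValueError):
        warnings.append("missing or unparseable Date/Received header")
    return warnings

# Constructed sample message (not a real capture); addresses are placeholders.
SAMPLE = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby mx.example.org; Mon, 14 Oct 2002 09:12:00 -0400
From: list@example.com
Date: Tue, 02 Jan 2001 03:00:00 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

quoted text from an old list message
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="cotter.dat.scr"

(attachment body omitted)
--b1--
"""
```

Calling suspicious_signs(SAMPLE) returns one warning for the attachment name and one for the date mismatch; a message with matching dates and no double-extension attachment returns an empty list.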

