We've caught 58 items with our email AV scanner since midnight... While I can't guarantee they're all this new bugbear beastie (we block .PIF's outright before they actually get scanned by the AV engine), I'd bet that most of them are....
Joe Pochedley If you have time to do it twice, you had time to do it right in the first place. -----Original Message----- From: Matt Hoffman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 3:47 PM To: NT 2000 Discussions Subject: RE: RE: Port 1080 Is anyone getting hit hard with this yet? Thanks, Matt -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2003 3:01 PM To: NT 2000 Discussions Subject: Re: RE: Port 1080 fport from Foundstone http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subc onte nt=/resources/proddesc/fport.htm > > From: "Matt Plahtinsky" <[EMAIL PROTECTED]> > Date: 2003/06/05 Thu PM 01:33:59 EDT > To: "NT 2000 Discussions" <[EMAIL PROTECTED]> > Subject: RE: Port 1080 > > I'm not running any proxy server software, and I don't see any other > software that might use that port. Does anyone know if there is a > tool/program that can map active port #"s to process/service? > > Matt > > -----Original Message----- > From: Andrew Duey [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 05, 2003 11:23 AM > To: NT 2000 Discussions > Subject: Re: Port 1080 > > > Are you running any proxy server software on that machine? (such as > MS Proxy server or MS ISA) Do you run any third party software such > as sygate or wingate? > > --Andrew Duey, MCSE > Duey's Computer Service > > > ----- Original Message ----- > From: "Matt Plahtinsky" <[EMAIL PROTECTED]> > To: "NT 2000 Discussions" <[EMAIL PROTECTED]> > Sent: Thursday, June 05, 2003 9:07 AM > Subject: Port 1080 > > > List, > > The Bugbear.b virus going around and one on the symptoms is that it > listens on port 1080. I have checked all my machines on my network > and I found one that has port 1080 open (my dc). I don't think that I > have this virus because I don't have any of the other symptoms. Does > anyone know what application/process uses port 1080. On google all I > could find is it is a socks port. Thanks > > Matt > > ------ > You are subscribed as [EMAIL PROTECTED] > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&; > la > ng=e > nglish > To unsubscribe send a blank email to %%email.unsub%% > > > ------ > You are subscribed as [EMAIL PROTECTED] > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&; > la > ng=english > To unsubscribe send a blank email to %%email.unsub%% > > ------ > You are subscribed as [EMAIL PROTECTED] > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&la ng=e nglish > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&la ng=e nglish To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&la ng=english To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [EMAIL PROTECTED] Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=nt2000&text_mode=&lang=english To unsubscribe send a blank email to [EMAIL PROTECTED]
