RE: W32/Bugbear-A spreading rapidly
Just to make sure things are interesting, W32/Opaserv-B Magallanez is supposed to be raised to Level 1 by Fsecure today. Anyone seen this one yet? Still feeling pretty cozy behind Martin's list but curious about attachment extensions for it.

-----Original Message-----
From: Durkee, Peter [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 4:37 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Either that or you're blocking all the files through your file filtering so they're blending in with all the Klez background noise. The way this is ramping up I have a feeling that Bugbear, just like Klez before it, is destined to become a permanent part of our lives.
-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 12:06
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Gulp! Either it's making it thru Sophos and Antigen or I'm not getting any. I sure hope it's the latter.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 12:37 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

It's now a neck and neck race which virus is hitting us more Klez or Bugbear-A. Thank the programmers for ScanMail and Nemex.
John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA.

-----Original Message-----
From: Candee Vaglica [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

http:[EMAIL PROTECTED]

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter

List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]

This message is private or privileged. If you are not the person for whom this message is intended, please delete it and notify me immediately, and please do not copy or send this message to anyone else.
RE: W32/Bugbear-A spreading rapidly
http:[EMAIL PROTECTED]

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.
Nate Couch EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
RE: W32/Bugbear-A spreading rapidly
It's now a neck and neck race which virus is hitting us more Klez or Bugbear-A. Thank the programmers for ScanMail and Nemex.
John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA.

-----Original Message-----
From: Candee Vaglica [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

http:[EMAIL PROTECTED]

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter
RE: W32/Bugbear-A spreading rapidly
We are getting hit by it, but Mailsweeper for SMTP is doing its job.

-----Original Message-----
From: Candee Vaglica [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

http:[EMAIL PROTECTED] tml

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.
Nate Couch EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
RE: W32/Bugbear-A spreading rapidly
We are getting it also but SAVFMSE 3.0 is doing a good job catching and cleaning it
Rob Weatherly

-----Original Message-----
From: Woodruff, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 1:45 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

We are getting hit by it, but Mailsweeper for SMTP is doing its job.

-----Original Message-----
From: Candee Vaglica [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

http:[EMAIL PROTECTED] tml

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.
Nate Couch EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
RE: W32/Bugbear-A spreading rapidly
Gulp! Either it's making it thru Sophos and Antigen or I'm not getting any. I sure hope it's the latter.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 12:37 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

It's now a neck and neck race which virus is hitting us more Klez or Bugbear-A. Thank the programmers for ScanMail and Nemex.
John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA.

-----Original Message-----
From: Candee Vaglica [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

http:[EMAIL PROTECTED]

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter
RE: W32/Bugbear-A spreading rapidly
So far, I've only seen one Bugbear-A compared to the dozen or more Klez that I get each day.
Aaron

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 1:37 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

It's now a neck and neck race which virus is hitting us more Klez or Bugbear-A. Thank the programmers for ScanMail and Nemex.
John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA.

-----Original Message-----
From: Candee Vaglica [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

http:[EMAIL PROTECTED]

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter
RE: W32/Bugbear-A spreading rapidly
Either that or you're blocking all the files through your file filtering so they're blending in with all the Klez background noise. The way this is ramping up I have a feeling that Bugbear, just like Klez before it, is destined to become a permanent part of our lives.
-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 12:06
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Gulp! Either it's making it thru Sophos and Antigen or I'm not getting any. I sure hope it's the latter.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 12:37 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

It's now a neck and neck race which virus is hitting us more Klez or Bugbear-A. Thank the programmers for ScanMail and Nemex.
John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA.

-----Original Message-----
From: Candee Vaglica [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

http:[EMAIL PROTECTED]

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter
RE: W32/Bugbear-A spreading rapidly
No, it shouldn't be making it through your Antigen/Sophos or Worm AV. I have seen it, and Antigen purged it.
Geoff...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 3:06 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Gulp! Either it's making it thru Sophos and Antigen or I'm not getting any. I sure hope it's the latter.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: John Matteson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 02, 2002 12:37 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

It's now a neck and neck race which virus is hitting us more Klez or Bugbear-A. Thank the programmers for ScanMail and Nemex.
John Matteson Geac Corporate ISS (404) 239 - 2981 Atlanta, Georgia, USA.

-----Original Message-----
From: Candee Vaglica [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

http:[EMAIL PROTECTED]

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter
RE: W32/Bugbear-A spreading rapidly
Hi there

This was the information that I was looking for. I'm using the Martin Blackstone block list (thank you very much, BTW), and I updated the AV on Exchange.

Thanks everyone for your answers
Russell

-----Original Message-----
From: Durkee, Peter [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 5:03 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

The only one I've seen so far had a double extension, .HTM.SCR.
-Peter

-----Original Message-----
From: Etts, Russell [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:00
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Hello

Can you tell me what extensions the virus uses??

Thanks
Russell

-----Original Message-----
From: Roger Haxton [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 4:10 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I've had two come in here so far. They got stripped because of their extension. My NAI virus scan on my desk wouldn't even catch it until I updated my defs.
--
Roger Haxton Network Administrator Sure-Tel [EMAIL PROTECTED]
---
Chaos, panic, disorder -- my work here is done.

-----Original Message-----
From: John Q Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
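The extension-based stripping mentioned in this thread (attachments "stripped because of their extension", and a sample with the double extension .HTM.SCR), sketched as an added example that is not part of the original posts or of any product named here. The block list and decoy list are constructed samples, not the Martin Blackstone list, and all function names are hypothetical.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed sample block list (assumption): NOT the list referenced in the thread.
BLOCKED_EXTENSIONS = {".scr", ".pif", ".exe", ".bat", ".com", ".vbs"}
# Extensions a reader takes for a harmless document; used to label a decoy name.
DECOY_EXTENSIONS = {".htm", ".html", ".txt", ".doc", ".jpg", ".gif"}


def split_extensions(filename):
    """Return lower-cased extensions in order: 'a.HTM.SCR' -> ['.htm', '.scr']."""
    # Windows ignores trailing dots and spaces, so 'setup.exe. ' still runs as
    # an .exe; normalise before looking at the extension.
    name = filename.strip().rstrip(". ").lower()
    # Keep only the base name in case a path was supplied in the header.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    return ["." + p.strip() for p in name.split(".")[1:] if p.strip()]


def classify_attachment(filename):
    """Decide on the file name alone, as a gateway extension filter does."""
    exts = split_extensions(filename)
    # Only the final extension decides how the file is opened.
    if not exts or exts[-1] not in BLOCKED_EXTENSIONS:
        return "allow"
    # A document-looking extension in front of it is the .HTM.SCR pattern.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
        return "block-double-extension"
    return "block-extension"


def scan_message(raw_bytes):
    """Return (filename, verdict) for every named MIME part of a message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename is not None:
            findings.append((filename, classify_attachment(filename)))
    return findings


def build_sample_message():
    """Constructed test message with inert placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("body text")
    for name in ("readme.HTM.SCR", "notes.txt", "setup.exe.", "archive.tar.gz"):
        msg.add_attachment(b"inert placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_message()):
        print(f"{verdict:24} {name}")
```

A name-only filter of this kind complements signature scanning; it does not inspect content, so a renamed file with an allowed extension passes.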
RE: W32/Bugbear-A spreading rapidly
Same here. Updated when it first came out, then double checked the gateway scanners to make sure they received the update when the High Alert came out. Haven't seen one yet.
-Ryan

N. Ryan Fennema, MCSE Network Administrator X-Rite Incorporated - Grandville, MI Phone: (616) 257-2165 Fax: (616) 257-2165 [EMAIL PROTECTED] www.xrite.com

-----Original Message-----
From: John Q Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:09 PM
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
RE: W32/Bugbear-A spreading rapidly
No sign of it yet on any of our customers.
Nate Couch EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
RE: W32/Bugbear-A spreading rapidly
Same here; none yet.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.
Nate Couch EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
RE: W32/Bugbear-A spreading rapidly
I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.
Nate Couch EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
RE: W32/Bugbear-A spreading rapidly
I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.
Nate Couch EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
RE: W32/Bugbear-A spreading rapidly
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.
-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.
Bill Lambert Endoxy Healthcare 847-941-9206 [EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.
Nate Couch EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this? Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.
- John Q
RE: W32/Bugbear-A spreading rapidly
A little info from MSNBC, the most I have found so far:

http://www.msnbc.com/news/815117.asp?0pu=70

N. Ryan Fennema, MCSE
Network Administrator
X-Rite Incorporated - Grandville, MI
Phone: (616) 257-2165
Fax: (616) 257-2165
[EMAIL PROTECTED]
www.xrite.com

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.

-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.

Bill Lambert
Endoxy Healthcare
847-941-9206
[EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.

Nate Couch
EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BUGBEAR.A

Try this:

Jeff Hague

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.

-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.

Bill Lambert
Endoxy Healthcare
847-941-9206
[EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.

Nate Couch
EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
Avert Lab at NAI categorized this as Medium Threat, for info click on the link to their web site

http://vil.nai.com/vil/content/v_99728.htm

Kishore

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.

Nate Couch
EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
I've had two come in here so far. They got stripped because of their extension. My NAI virus scan on my desk wouldn't even catch it until I updated my defs.

--
Roger Haxton
Network Administrator
Sure-Tel
[EMAIL PROTECTED]
---
Chaos, panic, disorder -- my work here is done.

-----Original Message-----
From: John Q Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
And it probably still won't

-----Original Message-----
From: Roger Haxton [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 1:10 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I've had two come in here so far. They got stripped because of their extension. My NAI virus scan on my desk wouldn't even catch it until I updated my defs.

--
Roger Haxton
Network Administrator
Sure-Tel
[EMAIL PROTECTED]
---
Chaos, panic, disorder -- my work here is done.

-----Original Message-----
From: John Q Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
Here is what I was able to find on Symantec's site. Looks like Symantec has known about it and been protected against variants of this kind, since 07/02.

http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.soapspy.html
http://securityresponse.symantec.com/avcenter/venc/data/pws.hooker.trojan.html

-----Original Message-----
From: Ryan Fennema [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:41 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

A little info from MSNBC, the most I have found so far:

http://www.msnbc.com/news/815117.asp?0pu=70

N. Ryan Fennema, MCSE
Network Administrator
X-Rite Incorporated - Grandville, MI
Phone: (616) 257-2165
Fax: (616) 257-2165
[EMAIL PROTECTED]
www.xrite.com

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.

-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.

Bill Lambert
Endoxy Healthcare
847-941-9206
[EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.

Nate Couch
EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
Yeah, it saw them as infected with w32.bugbear after I updated the defs. They got stripped by their extension and I scanned them with my desktop scanner. Came back clean. After I updated my defs and scanned them again, they both were listed as infected.

--
Roger Haxton
Network Administrator
Sure-Tel
[EMAIL PROTECTED]
---
Classified tagline. Please enter password: _

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 15:14
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

And it probably still won't

-----Original Message-----
From: Roger Haxton [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 1:10 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I've had two come in here so far. They got stripped because of their extension. My NAI virus scan on my desk wouldn't even catch it until I updated my defs.

--
Roger Haxton
Network Administrator
Sure-Tel
[EMAIL PROTECTED]
---
Chaos, panic, disorder -- my work here is done.

-----Original Message-----
From: John Q Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
Hello

Can you tell me what extensions the virus uses??

Thanks

Russell

-----Original Message-----
From: Roger Haxton [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 4:10 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I've had two come in here so far. They got stripped because of their extension. My NAI virus scan on my desk wouldn't even catch it until I updated my defs.

--
Roger Haxton
Network Administrator
Sure-Tel
[EMAIL PROTECTED]
---
Chaos, panic, disorder -- my work here is done.

-----Original Message-----
From: John Q Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
The only one I've seen so far had a double extension, .HTM.SCR.

-Peter

-----Original Message-----
From: Etts, Russell [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:00
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Hello

Can you tell me what extensions the virus uses??

Thanks

Russell

-----Original Message-----
From: Roger Haxton [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 4:10 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I've had two come in here so far. They got stripped because of their extension. My NAI virus scan on my desk wouldn't even catch it until I updated my defs.

--
Roger Haxton
Network Administrator
Sure-Tel
[EMAIL PROTECTED]
---
Chaos, panic, disorder -- my work here is done.

-----Original Message-----
From: John Q Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
If you block based on Martin Blackstone's List of Danger(tm) (Appendix J in the FAQ) you should be fine. I've seen a .scr and a .exe so far.

--
Roger Haxton
Network Administrator
Sure-Tel
[EMAIL PROTECTED]
---
Adding manpower to a late software project makes it later.

-----Original Message-----
From: Etts, Russell [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 16:00
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Hello

Can you tell me what extensions the virus uses??

Thanks

Russell

-----Original Message-----
From: Roger Haxton [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 4:10 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I've had two come in here so far. They got stripped because of their extension. My NAI virus scan on my desk wouldn't even catch it until I updated my defs.

--
Roger Haxton
Network Administrator
Sure-Tel
[EMAIL PROTECTED]
---
Chaos, panic, disorder -- my work here is done.

-----Original Message-----
From: John Q Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
Exe and dll from mcafee.com

-----Original Message-----
From: Etts, Russell [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 4:00 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Hello

Can you tell me what extensions the virus uses??

Thanks

Russell

-----Original Message-----
From: Roger Haxton [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 4:10 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I've had two come in here so far. They got stripped because of their extension. My NAI virus scan on my desk wouldn't even catch it until I updated my defs.

--
Roger Haxton
Network Administrator
Sure-Tel
[EMAIL PROTECTED]
---
Chaos, panic, disorder -- my work here is done.

-----Original Message-----
From: John Q Jr. [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
Here is the updated listing on the SARC site, supposedly from 12:14pm PDT, but it wasn't there at the time of my original posting:

http:[EMAIL PROTECTED]

-----Original Message-----
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 1:14 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Here is what I was able to find on Symantec's site. Looks like Symantec has known about it and been protected against variants of this kind, since 07/02.

http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.soapspy.html
http://securityresponse.symantec.com/avcenter/venc/data/pws.hooker.trojan.html

-----Original Message-----
From: Ryan Fennema [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:41 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

A little info from MSNBC, the most I have found so far:

http://www.msnbc.com/news/815117.asp?0pu=70

N. Ryan Fennema, MCSE
Network Administrator
X-Rite Incorporated - Grandville, MI
Phone: (616) 257-2165
Fax: (616) 257-2165
[EMAIL PROTECTED]
www.xrite.com

-----Original Message-----
From: Scott Force [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 3:35 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

I haven't seen it yet either and I can't find anything on it yet. Anyone have any info on it, (is it an attachment)??

I haven't seen any yet either, but Messagelabs already has it in 3rd place behind Klez and Yaha, so they are out there.

-Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 12:26
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Same here; none yet.

Bill Lambert
Endoxy Healthcare
847-941-9206
[EMAIL PROTECTED]

-----Original Message-----
From: Couch, Nate [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 2:18 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

No sign of it yet on any of our customers.

Nate Couch
EDS Messaging

--
From: John Q Jr.
Reply To: Exchange Discussions
Sent: Monday, September 30, 2002 14:09
To: Exchange Discussions
Subject: W32/Bugbear-A spreading rapidly

Anyone getting hit with this. Sophos sent a high alert warning of an unprecedented distribution. I have not been alerted to one infected message yet. Just curious.

- John Q
RE: W32/Bugbear-A spreading rapidly
Those who were having Trend Scanmail successfully catch this by using attachment screening could you please reply with which version engine etc. you are using? My Scanmail did not catch it in spite of my having *.scr in my attachment extensions to block list. It still didn't with *.*.scr either.

I think I saw something about this problem about a year ago or so on this list but I can't find the appropriate message and can't seem to find the right search terms today. And, unsurprisingly, I can't get onto Trend's site to check there.

Thanks,
Ronni
RE: W32/Bugbear-A spreading rapidly
You should be on 3.8

Best way to do this is in attachment blocking by extension, then duplicate by name in the other field.

Exe;scr;com etc
*.exe;*.scr;*.com etc

-----Original Message-----
From: Smith, Ronni [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 5:04 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Those who were having Trend Scanmail successfully catch this by using attachment screening could you please reply with which version engine etc. you are using? My Scanmail did not catch it in spite of my having *.scr in my attachment extensions to block list. It still didn't with *.*.scr either.

I think I saw something about this problem about a year ago or so on this list but I can't find the appropriate message and can't seem to find the right search terms today. And, unsurprisingly, I can't get onto Trend's site to check there.

Thanks,
Ronni
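The extension-based attachment screening discussed in this thread, as an added Python example that is not from any poster and not how ScanMail or any other product named here works internally. It decides on the final extension after normalising case, path components and trailing dots, so a double-extension name such as the .HTM.SCR one reported above is matched; the blocklist, the function names and the sample message are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist: the extensions named in the thread (scr, exe, com, dll).
BLOCKED_EXTENSIONS = {"scr", "exe", "com", "dll"}


def extension_chain(filename):
    """Return the lowercased extensions of a file name, left to right."""
    # Drop any path component the sender may have put in the name.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces when opening a file,
    # so "card.scr." has to be treated as "card.scr".
    base = base.rstrip(". ").lower()
    parts = base.split(".")
    return [p for p in parts[1:] if p]


def classify_attachment(filename):
    """Return 'allow', 'block' or 'block-double-extension' for one name."""
    exts = extension_chain(filename)
    if not exts:
        return "allow"
    # Only the last extension decides how the file is opened, so a name
    # like readme.HTM.SCR is judged on "scr", not on "htm".
    if exts[-1] in BLOCKED_EXTENSIONS:
        return "block-double-extension" if len(exts) > 1 else "block"
    return "allow"


def scan_message(raw_bytes):
    """Return [(filename, verdict), ...] for every named MIME part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition and falls back to the
        # name parameter of Content-Type.
        filename = part.get_filename()
        if filename is None:
            continue
        findings.append((filename, classify_attachment(filename)))
    return findings


def build_sample_message():
    """Constructed test message; attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "admin@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("readme.HTM.SCR", "setup.EXE", "notes.txt"):
        msg.add_attachment(
            b"constructed placeholder bytes",
            maintype="application",
            subtype="octet-stream",
            filename=name,
        )
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_message()):
        print(f"{verdict:24} {name}")
```

A filter of this kind only sees the declared file name; it complements, and does not replace, the content scanning the posters rely on once definitions are updated.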
RE: W32/Bugbear-A spreading rapidly
In case anyone hasn't noticed this yet, the virus also uses random email addresses on the outgoing emails. I was unfortunate enough to be sent this email by someone and now other emails have been going out (from the same person it looks like) using our domain name in the sender's address. Unfortunately the good folks at Messagelabs cannot read email headers and sent me an email saying that we are sending out viruses. They were even so kind as to attach the header of the incoming infected message clearly showing the email did not come from our mail server.

Chuck

-----Original Message-----
From: Martin Blackstone [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 5:30 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

You should be on 3.8

Best way to do this is in attachment blocking by extension, then duplicate by name in the other field.

Exe;scr;com etc
*.exe;*.scr;*.com etc

-----Original Message-----
From: Smith, Ronni [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 30, 2002 5:04 PM
To: Exchange Discussions
Subject: RE: W32/Bugbear-A spreading rapidly

Those who were having Trend Scanmail successfully catch this by using attachment screening could you please reply with which version engine etc. you are using? My Scanmail did not catch it in spite of my having *.scr in my attachment extensions to block list. It still didn't with *.*.scr either.

I think I saw something about this problem about a year ago or so on this list but I can't find the appropriate message and can't seem to find the right search terms today. And, unsurprisingly, I can't get onto Trend's site to check there.

Thanks,
Ronni
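The header check Chuck's message turns on, as an added Python example that is not from the thread or from Messagelabs: it trusts only the Received line stamped by the receiver's own gateway and compares the connecting IP with the addresses the From domain is known to send from. The host names, the documentation-range IPs, the `outbound_ips` table and the function names are assumptions constructed for the example.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Matches "from HELO (rdns [IP]) by HOST" in a Received header value.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\([^)]*?\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def trusted_hop(msg, our_receivers):
    """Return (helo, ip) from the newest Received line written by us.

    Received lines added before the message reached our own gateway are
    sender-controlled and can claim anything, so they are skipped.
    """
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # unfold continuation lines
        match = HOP_RE.search(text)
        if match and match.group("by").lower() in our_receivers:
            return match.group("helo"), match.group("ip")
    return None


def check_sender(raw, our_receivers, outbound_ips):
    """Compare the From domain with the host that actually connected."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    address = parseaddr(str(msg.get("From", "")))[1]
    domain = address.rpartition("@")[2].lower()
    hop = trusted_hop(msg, our_receivers)
    if hop is None:
        return {"from_domain": domain, "connecting_ip": None,
                "verdict": "no-trusted-hop"}
    helo, ip = hop
    allowed = outbound_ips.get(domain)
    if allowed is None:
        verdict = "unknown-domain"
    elif ip in allowed:
        verdict = "consistent"
    else:
        # The domain in From is not where the message came from, so a
        # notice sent to that domain's admins would go to the wrong party.
        verdict = "sender-domain-not-origin"
    return {"from_domain": domain, "connecting_ip": ip, "verdict": verdict}


def build_sample(connecting_ip):
    """Constructed message: one trusted hop plus one unverifiable hop."""
    return (
        b"Received: from pc17 (host.isp.example [" + connecting_ip.encode() + b"])\r\n"
        b"\tby mx1.recipient.example with SMTP; Mon, 30 Sep 2002 17:41:02 -0400\r\n"
        b"Received: from mail.ourdomain.example (mail.ourdomain.example [192.0.2.10])\r\n"
        b"\tby relay.unverified.example with SMTP; Mon, 30 Sep 2002 17:40:11 -0400\r\n"
        b"From: someone@ourdomain.example\r\n"
        b"To: user@recipient.example\r\n"
        b"Subject: constructed sample\r\n"
        b"\r\n"
        b"body\r\n"
    )


# Assumed configuration for the receiving side.
OUR_RECEIVERS = {"mx1.recipient.example"}
OUTBOUND_IPS = {"ourdomain.example": {"192.0.2.10"}}

if __name__ == "__main__":
    for ip in ("198.51.100.23", "192.0.2.10"):
        print(check_sender(build_sample(ip), OUR_RECEIVERS, OUTBOUND_IPS))
```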