1. VIRUS ALERT: w32/bugbear@MM

I just spent many hours getting the email virus w32/bugbear@MM and one called
PWS-Hooker.dll off my system, and since they are remailers, it's possible
people on this list might have been sent it too (from my address book), so
it wouldn't hurt to be alert for them.

I think they look for old email to re-present, because mine was purportedly
from David Cuny (at dcuny at siol.net), with a subject:   Re: Peuphoria

so I opened it, and besides my firewall asking if it was ok to set something
up as a server (I said no),  I got a notification (windows?) that a file was
being downloaded, which shouldn't have been happening, and then I noticed my
firewall wasn't in the systray anymore, nor was my anti-virus.  So the virus
took them both OUT.  And I think part of the virus load is a trojan to
capture/send passwords.

I did find the two myself, before I updated my virus checker & it found
them, by looking at all new files today at around the time my firewall went
down.  Deleted one, but it came back, and the other was "in use" by Windows
& wouldn't delete until my virus checker got rid of it.

Maybe if I'd kept my virus checker up to date, I wouldn't have got it. ?

Dan Moyer
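
The triage step described in the post above (listing files that appeared around the time the firewall went down), as an added example that is not part of the original post. It uses modification time because that is portable across systems; timestamps can be altered by software, so the result is a list of leads, not proof. The suffix list, the window size and the sample tree are assumptions.

```python
import os
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Assumption: file types to list first; extend for the system being examined.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".pif", ".com", ".bat"}


def files_changed_near(root, incident, window=timedelta(minutes=15)):
    """Return (mtime, path, is_executable) for every file under root whose
    modification time is within +/- window of the incident time."""
    lo = (incident - window).timestamp()
    hi = (incident + window).timestamp()
    hits = []
    for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
        for name in names:
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # locked or already-removed file: skip and keep walking
            if lo <= mtime <= hi:
                is_exe = path.suffix.lower() in EXECUTABLE_SUFFIXES
                hits.append((datetime.fromtimestamp(mtime), str(path), is_exe))
    # Executable types first, then oldest first, so the review starts with
    # the files most likely to matter.
    hits.sort(key=lambda h: (not h[2], h[0]))
    return hits


def demo():
    """Build a constructed tree (empty files, made-up names) and scan it."""
    incident = datetime(2002, 10, 2, 4, 0)  # constructed incident time
    root = Path(tempfile.mkdtemp())
    offsets_min = {"new_a.exe": 2, "new_b.dll": -5, "notes.txt": 1, "old.exe": -3000}
    for name, offset in offsets_min.items():
        target = root / name
        target.write_bytes(b"")
        stamp = (incident + timedelta(minutes=offset)).timestamp()
        os.utime(target, (stamp, stamp))
    return [(os.path.basename(p), exe) for _t, p, exe in files_changed_near(root, incident)]


if __name__ == "__main__":
    for name, exe in demo():
        print(("EXE  " if exe else "     ") + name)
```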


2. Re: VIRUS ALERT: w32/bugbear@MM

Dan,

I got it from you or your source--current edition of Norton killed it. If
you upgrade your Virus checker, get one that scans outgoing email.

-- Mike Nelson
----- Original Message -----
From: "Dan Moyer" <DANIELMOYER at prodigy.net>
To: "EUforum" <EUforum at topica.com>
Subject: VIRUS ALERT: w32/bugbear@MM


>
> I just spent many hours getting the email virus w32/bugbear@MM and one called
> PWS-Hooker.dll off my system, and since they are remailers, it's possible
> people on this list might have been sent it too (from my address book), so
> it wouldn't hurt to be alert for them.
>
> I think they look for old email to re-present, because mine was purportedly
> from David Cuny (at dcuny at siol.net), with a subject:   Re: Peuphoria
>
> so I opened it, and besides my firewall asking if it was ok to set something
> up as a server (I said no),  I got a notification (windows?) that a file was
> being downloaded, which shouldn't have been happening, and then I noticed my
> firewall wasn't in the systray anymore, nor was my anti-virus.  So the virus
> took them both OUT.  And I think part of the virus load is a trojan to
> capture/send passwords.
>
> I did find the two myself, before I updated my virus checker & it found
> them, by looking at all new files today at around the time my firewall went
> down.  Deleted one, but it came back, and the other was "in use" by Windows
> & wouldn't delete until my virus checker got rid of it.
>
> Maybe if I'd kept my virus checker up to date, I wouldn't have got it. ?
>
> Dan Moyer


3. Re: VIRUS ALERT: w32/bugbear@MM

It was also sent to me, but not by your machine, as far as I can tell.   It
shut down my firewall for a split second, but McAfee nailed it.  I got an
advisory about this one a couple of days ago.  A subsequent complete virus
scan showed no presence of it on my machine.

Travis Beaty
Mason City, Iowa.


----- Original Message -----
From: "Mike Nelson" <MichaelANelson at WORLDNET.ATT.NET>
To: "EUforum" <EUforum at topica.com>
Subject: Re: VIRUS ALERT: w32/bugbear@MM


>
> Dan,
>
> I got it from you or your source--current edition of Norton killed it. If
> you upgrade your Virus checker, get one that scans outgoing email.
>
> -- Mike Nelson
> ----- Original Message -----
> From: "Dan Moyer" <DANIELMOYER at prodigy.net>
> To: "EUforum" <EUforum at topica.com>
> Sent: Wednesday, October 02, 2002 4:21 AM
> Subject: VIRUS ALERT: w32/bugbear@MM
>
>
> > I just spent many hours getting the email virus w32/bugbear@MM and one called
> > PWS-Hooker.dll off my system, and since they are remailers, it's possible
> > people on this list might have been sent it too (from my address book), so
> > it wouldn't hurt to be alert for them.
> >
> > I think they look for old email to re-present, because mine was purportedly
> > from David Cuny (at dcuny at siol.net), with a subject:   Re: Peuphoria
> >
> > so I opened it, and besides my firewall asking if it was ok to set something
> > up as a server (I said no),  I got a notification (windows?) that a file was
> > being downloaded, which shouldn't have been happening, and then I noticed my
> > firewall wasn't in the systray anymore, nor was my anti-virus.  So the virus
> > took them both OUT.  And I think part of the virus load is a trojan to
> > capture/send passwords.
> >
> > I did find the two myself, before I updated my virus checker & it found
> > them, by looking at all new files today at around the time my firewall went
> > down.  Deleted one, but it came back, and the other was "in use" by Windows
> > & wouldn't delete until my virus checker got rid of it.
> >
> > Maybe if I'd kept my virus checker up to date, I wouldn't have got it. ?
> >
> > Dan Moyer


4. Re: VIRUS ALERT: w32/bugbear@MM

At 04:21 AM 02/10/2002 -0700, Dan wrote:
>I just spent many hours getting the email virus w32/bugbear@MM and one called
>PWS-Hooker.dll off my system, and since they are remailers, it's possible
>people on this list might have been sent it too (from my address book), so
>it wouldn't hurt to be alert for them.
>
>I think they look for old email to re-present, because mine was purportedly
>from David Cuny (at dcuny at siol.net), with a subject:   Re: Peuphoria

I received it as well, on my euphoria account.  By that, I mean that it is only
subscribed to the Euphoria list, and has never been used elsewhere.  No spam
has ever been received in the year that I have had the account, so I was quite
surprised to see a message about "your CDNOW order confirmation".  Luckily,
my email provider (mac.com) scans all incoming mail, and they removed the
attachment.  I can only assume that it came from an infected machine on this
list that has my address in an address book.

It claimed to have come from "manager at griffon.mwsc.edu", but has a return
path of 2Cust70.tnt9.adl1.da.uu.net [63.12.15.70] by way of
pluto.senet.com.au.

The router tnt9.adl1.da.uu.net is part of UUNET/Worldcom's
network and is located in Adelaide, Australia.  So if you are on this list,
and live in or near Adelaide, please check your PC for an infection by
W32/BugBear@MM.

This has been a public service announcement.

James Powell
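
The header comparison described in the post above (claimed sender versus the relay path), as an added example that is not part of the original post. The sample message is constructed: the sender address, subject, host names and 63.12.15.70 come from the post, while `mx.example.net`, `192.0.2.10`, the HELO name, the timestamps and the Sendmail/Postfix-style `Received` layout are assumptions. Only hops written by relays you trust are followed, since lines below them can be forged.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches the common "from HELO (rdns [ip]) ... by HOST" layout (assumed format).
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

# Constructed sample headers, newest hop first as a mail server records them.
SAMPLE = """\
Received: from pluto.senet.com.au (pluto.senet.com.au [192.0.2.10]) by mx.example.net with ESMTP; Wed, 2 Oct 2002 21:10:05 +0930
Received: from pc (2Cust70.tnt9.adl1.da.uu.net [63.12.15.70]) by pluto.senet.com.au with SMTP; Wed, 2 Oct 2002 21:10:01 +0930
From: manager@griffon.mwsc.edu
Subject: your CDNOW order confirmation

(body removed)
"""


def furthest_verifiable_origin(raw, trusted_relays):
    """Walk Received headers from the newest hop down and return the client
    recorded by the last trusted relay, plus whether it fits the From domain."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = None
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(header)
        if not m or m["by"].lower() not in trusted_relays:
            break  # written by a host we cannot vouch for: stop here
        origin = {"host": (m["rdns"] or m["helo"]).lower(), "ip": m["ip"]}
    if origin is None:
        return None
    origin["claimed_domain"] = claimed
    origin["matches_from"] = bool(claimed) and (
        origin["host"] == claimed or origin["host"].endswith("." + claimed))
    return origin


if __name__ == "__main__":
    print(furthest_verifiable_origin(SAMPLE, {"mx.example.net", "pluto.senet.com.au"}))
```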
