10-01-2002, 07:13 AM
|
#1 (permalink)
| | Registered User
Join Date: Oct 2001 Location: MA
Posts: 1,154
| » 
Bug Bear Virus
another virus bug bear |
| |
10-01-2002, 07:25 AM
|
#2 (permalink)
| | Registered User
Join Date: May 2002 Location: Stow, Ohio, Sol III
Posts: 2,211
|
Got my McAfee Alert and DAT update about two hrs. ago.
Med. risk to IE 5.01 and 5.5. W/O SP2.
That's why I stay with Netscape or Opera.
Looks like a Klez mutation, but it tries to disable A/V, and bypass firewalls.
Nasty
One possible subject line is: COWS ??
Last edited by nomaxim; 10-01-2002 at 07:30 AM.
|
| |
10-01-2002, 08:20 AM
|
#3 (permalink)
| | Guest |
Nasty chappy, this bugbear. Here's what one of my ISPs has to say in a warning email: Quote:
Bugbear picks up a random old mail message from an infected
computer and re-sends it, impersonating the original sender, with a copy of
the worm attached. It does this in order to try to spread itself more
effectively, by pretending to come from someone that you already know.
*ISPname* has already seen some copies of this worm being sent, in which
the worm has happened to pick up an old *ISPname* customer bulletin from
a customer computer, and used that as the basis of its attempts
to spread itself.
If you happen to see such a message - it was not actually sent by *ISPname*.
The message was chosen at random from the mailbox of a computer that was
infected with this worm.
| Kinda klez-like, as no-maxim pointed out.
Beware those who don't have a/v proggies installed and up-to-date.
Symantec have upgraded this threat today: Quote: |
Due to an increased rate of submissions, Symantec Security Response has upgraded this threat from a Category 2 to a Category 3 as of September 30, 2002.
| http://securityresponse.symantec.com...ugbear@mm.html
Cheers
Mick
| |
| |
10-01-2002, 08:34 AM
|
#4 (permalink)
| | Registered User
Join Date: Oct 2001 Location: Bay Area, CA USA
Posts: 6,966
| |
| |
10-01-2002, 08:51 AM
|
#5 (permalink)
| | Registered User
Join Date: Jul 2002 Location: Switzerland
Posts: 3,962
|
I don't use Outlook Express as my mail inbox so I hope I don't get this thing. I hate viruses, who are these people creating such stupid things?
first use of my smiles
Creatures
__________________
___)
(
____)REATURES
|
| |
10-01-2002, 09:33 AM
|
#6 (permalink)
| | Registered User
Join Date: May 2002 Location: Stow, Ohio, Sol III
Posts: 2,211
|
McAfee gives origin as Malaysia.
McAfee Page
It will try to disable ZoneAlarm, BlackIce, AVG, to name a few.
Sends stuff to network printers too.
Last edited by nomaxim; 10-01-2002 at 09:41 AM.
|
| |
10-01-2002, 12:34 PM
|
#7 (permalink)
| | Guest | Quote: |
The Trojan horse part of this worm first terminates many popular firewall and antivirus programs. The Trojan then launches a keystroke-logging program whose filename is a variable number of random letters followed by .dll (for example, avbxcydz.dll). Keystroke-logging programs memorize the keystrokes typed when filling out login information (passwords) or filling out shopping forms online (credit card information). Files saved by these programs can later be accessed remotely by malicious users. The Trojan component of this worm opens port 36794.
| Nasty little thing! Thanks for the heads up!! Gotta keep an eye out on that port! Hopefully we won't have the little kids out probing the hell out of everyone's computers.
| |
| |
10-04-2002, 01:35 AM
|
#8 (permalink)
| | Registered User
Join Date: May 2002 Location: Stow, Ohio, Sol III
Posts: 2,211
|
This bug has now been upgraded to 'HIGH RISK' !!!
For both home and corp. users.
|
| |
10-04-2002, 04:28 AM
|
#9 (permalink)
| | Guest |
OuT, how do you and Goassamer avoid Klez and his pals? You don't need to open an attachment for these fellows, just reading an innocent looking email from your mum can do it. It spoofs senders and steals titles from real emails.
Probably already Klez has you in his clutches, OuT. Is your firewall on or don't you believe in those either?
Cheers
Mick the cautious
| |
| |
10-04-2002, 07:40 AM
|
#10 (permalink)
| | Registered User
Join Date: Oct 2001 Location: Ipswich Suffolk UK
Posts: 1,110
|
I got an unsolicited mail yesterday, with an attachment
My Money.mny.scr
size 50.8 K
No virus found by the checker, but I am suspicious, think this could be it?
G
__________________
Nothing moves faster than goalposts.
|
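The filename in the post above ends in .scr, which Windows runs as a program, behind a document-style .mny extension. An added example (not from any poster in this thread) that flags such attachments in a raw e-mail; the extension list, function names and sample message are assumptions constructed for illustration, and a match only marks the file for closer inspection.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed list for this example).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "lnk"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.lower().rstrip(". ").split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    decoy = parts[-2]
    # A short alphabetic extension in front of the executable one is a decoy.
    if len(parts) >= 3 and 2 <= len(decoy) <= 4 and decoy.isalpha():
        return "double-extension"
    return "executable"


def suspicious_attachments(raw_message):
    """Parse a raw RFC 5322 message and list (filename, verdict) pairs."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        verdict = classify_filename(name) if name else None
        if verdict:
            findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed sample message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = "Customer bulletin"
    m.set_content("See attached.")
    m.add_attachment(b"MZ" + b"\x00" * 64, maintype="application",
                     subtype="octet-stream", filename="My Money.mny.scr")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()


if __name__ == "__main__":
    for name, verdict in suspicious_attachments(build_sample()):
        print(f"{verdict}: {name}")
```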