Author |
Topic |
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 04 October 2002 : 09:43:56
|
There is a new dangerous virus called Bugbear that is being sent around through email. See Symantec's Security Response for more details on this virus.
Copy and paste the following url in your address bar: http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html |
Support Snitz Forums
|
|
TestMagic
Senior Member
USA
1568 Posts |
Posted - 04 October 2002 : 16:44:12
|
Thanks for the heads up, Davio. That virus sounds pretty scary, especially the keylogger and backdoor part. I'm running a full, updated scan right now just to be sure I'm safe. |
Snitz rocks! · Search 2 |
|
|
sy
Average Member
United Kingdom
638 Posts |
Posted - 04 October 2002 : 17:31:59
|
This thing is Outlook only it seems.
From what I have read it's a zombie bot, looking for participants for future denial of service attacks.
If you are still using Outlook as a home user, consider switching to Mozilla's mail client or Eudora.
www.mozilla.org |
The pessimist complains about the wind; the optimist expects it to change; the realist adjusts the sails
|
Edited by - sy on 04 October 2002 17:48:00 |
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 04 October 2002 : 19:34:40
|
[quote]If you are still using Outlook as a home user, consider switching to Mozilla's mail client or Eudora.[/quote] Not me, thank you anyway :)
Maybe someone can explain to me how you're not vulnerable with Eudora or other readers. The attachment is still saved on your disk, and if you run it, won't you get the same virus?
The only difference I see is Outlook allows you to run the virus from within the email message if you have an out-of-date Outlook.
|
====== Doug G ====== Computer history and help at www.dougscode.com |
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 04 October 2002 : 19:52:08
|
Yeah, we've been dealing with this one at work since about Wednesday and the number of hits to my firewall on port 137 has increased tenfold in the last few days. |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
sy
Average Member
United Kingdom
638 Posts |
Posted - 05 October 2002 : 05:51:09
|
quote: Originally posted by Doug G
[quote]If you are still using Outlook as a home user, consider switching to Mozilla's mail client or Eudora.[/quote] Not me, thank you anyway :)
Maybe someone can explain to me how you're not vulnerable with Eudora or other readers. The attachment is still saved on your disk, and if you run it, won't you get the same virus?
The only difference I see is Outlook allows you to run the virus from within the email message if you have an out-of-date Outlook.
It's only Outlook pre-XP unpatched which is affected; I was just doing a little Mozilla cheerleading.
Older versions of OE before XP allowed malicious scripts to execute (as you say) within the email message (Iloveyou, Melissa, Sircam, Klez); even in the message 'preview' pane, the virus automagically runs, without any message or warning from Outlook to the user.
Unpatched Outlook takes the running of the virus out of the user's hands; if the user insists on running mysterious attachments in another client then yes, the virus will run, but not on its own.
Virus writers write for maximum exposure, so they target the most common and unprotected platform with their scripts, making Outlook the prime target for this kind of attack.
I wasn't trying to bash MS Outlook, just pointing out to those who may not know of alternative email clients, that there are others available.
If you have the latest patched version of Outlook or are running WinXP then you should be ok; XP can remove malicious scripts from the email before delivery to the inbox (so I am told).
HTH
Sy |
The pessimist complains about the wind; the optimist expects it to change; the realist adjusts the sails
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 05 October 2002 : 10:20:31
|
On TechTV a few days ago they were talking about BugBear and how they rated the danger factor a 4 out of 5. They also said it was becoming more "popular" than Klez. |
|
|
|
sy
Average Member
United Kingdom
638 Posts |
Posted - 05 October 2002 : 10:30:58
|
quote: Originally posted by dayve
On TechTV a few days ago they were talking about BugBear and how they rated the danger factor a 4 out of 5. They also said it was becoming more "popular" than Klez.
I love the 'danger factor', I wonder what happens at level 5, I don't get TechTV.
|
The pessimist complains about the wind; the optimist expects it to change; the realist adjusts the sails
|
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 05 October 2002 : 10:35:31
|
quote: Originally posted by dayve
On TechTV a few days ago they were talking about BugBear and how they rated the danger factor a 4 out of 5. They also said it was becoming more "popular" than Klez.
That's what Symantec emailed me about a couple days ago. I keep all Office programs up-to-date with the patches and all, and I update my virus scanner each day (check at least twice a day for updates), so I think I'm relatively safe even without the fact that I don't open attachments unless I'm expecting them and thus know the sender.
[rant] Unfortunately there are a lot of people who just click on everything they can click, and either don't have a virus scanner or never update it. If it wasn't for those "uneducated" people (uneducated in the way things go online, they might be the smartest people in their line of work), a lot of virus problems wouldn't exist, and old viruses wouldn't be able to return as often as they do. [/rant] |
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 05 October 2002 : 15:36:29
|
quote: It's only Outlook pre-XP unpatched which is affected; I was just doing a little Mozilla cheerleading.
What I was asking, not being a user of these alternate email clients, is what prevents the attached virus script file from being executed by a user in these other programs. I used Eudora Lite long ago, and attachments were saved to a disk folder where I could double-click them to open. At that point, the script file should still execute and infect your computer in my mind even though it didn't come in via Outlook or OE.
I'm hoping someone can shed some light on this.
|
====== Doug G ====== Computer history and help at www.dougscode.com |
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 05 October 2002 : 16:11:51
|
Doug, the difference is that Outlook Express used to open certain attachments by default and/or without warning. Now when you try to open an attachment you should get a warning to make sure you want to execute/open the file (that's what Outlook 2000 does, except when they're Microsoft Office files).
Right now, there is no difference. In old OE versions, the files would open automatically, making it more difficult to stop the virus from getting into your computer. |
|
|
Tmpj
Junior Member
Denmark
467 Posts |
Posted - 05 October 2002 : 17:00:09
|
**** the virus writers!!!!!!!!! |
|
|
sy
Average Member
United Kingdom
638 Posts |
Posted - 05 October 2002 : 17:17:58
|
quote: Originally posted by Doug G ... I used Eudora Lite long ago, and attachments were saved to a disk folder where I could double-click them to open. At that point, the script file should still execute and infect your computer in my mind even though it didn't come in via Outlook or OE.
I'm hoping someone can shed some light on this.
If you had a virus checker it would pick the virus up in the saved folder maybe?
Again, if you didn't know or expect the attachment and you open it, then it's your choice; Outlook would open it for you anyhow.
Sy |
The pessimist complains about the wind; the optimist expects it to change; the realist adjusts the sails
|
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 05 October 2002 : 18:15:47
|
I have never had Outlook or OE open an attachment automatically. I have heard of a couple preview pane/HTML vulnerabilities.
How do you go about opening an attachment in Netscape/Mozilla or Eudora? Isn't it somewhat similar to Outlook, where you have to do something to open the attached file?
I must be missing something here :)
|
====== Doug G ====== Computer history and help at www.dougscode.com |
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 05 October 2002 : 18:22:01
|
I haven't used anything but OE and Outlook more recently except Eudora for a month or two some time ago, and from what I can remember, you indeed had to click to manually open it too.
About my previous reply: I meant that files would get opened when the mail is viewed in the preview pane, as you said. I wasn't entirely clear and made it sound like the files would be opened right away. I was confused with what happened at my aunt's when I had to go there to get rid of Klez for her: McAfee showed some annoying screen about a virus with each email that was downloaded. Sorry about the confusion. My thoughts seem to go their own way today |
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 05 October 2002 : 19:52:52
|
quote: Sorry about the confusion. My thoughts seem to go their own way today
Hey, no need to worry, any confusion is on my end. Thanks for the help! |
====== Doug G ====== Computer history and help at www.dougscode.com |
|
|