Theiling Online    Sitemap    Conlang Mailing List HQ   

Re: ATTN: Pablo Flores (VIRUS WARNING)

From:Adrian Morgan <morg0072@...>
Date:Saturday, October 19, 2002, 6:48
H. S. Teoh wrote:

> Sorry to send this here, but just in case this *is* caused by a virus, > people should know about it, especially since it appears to be targeted > specifically to CONLANG subscribers.
What you are describing is, in fact, the infamous Bugbear virus. You probably would have seen it mentioned on the news a couple of weeks ago.
> My mail server has just received 17 emails, supposedly from Pablo Flores, > from an email server of questionable repute. The source and destination > email addresses have obviously been forged, as it claims to be sent from > "pablo-flores@Q...", which obviously doesn't exist,
The Bugbear virus forges email addresses by taking the bit before the "@" from one person and the bit after the "@" from another person, and putting them together. Don't ask me why.
> Furthermore, the content of the email is very suspicious: it appears to be > a truncated copy of a GENUINE message sent to CONLANG a while ago, however > with a long binary attachment of type application/x-msdownload and (very > suspicious) filename "icq200b.exe.exe".
Yup - that's Bugbear for you. It looks through old emails that are still stored on your computer (assuming you're using Outlook Express) and distributes them to all and sundry. The security implications are worth pondering, here. (And BTW, it doesn't grab addresses from your address book; it grabs them from the headers of old emails stored in your folders, which is considerably nastier.) Please read this: http://www.vet.com.au/html/zoo/local/zoo_descriptions/bugbear.htm Adrian.

Replies

H. S. Teoh <hsteoh@...>
Dennis Paul Himes <himes@...>