Re: ATTN: Pablo Flores (VIRUS WARNING)

H. S. Teoh wrote:

> Sorry to send this here, but just in case this *is* caused by a virus,
> people should know about it, especially since it appears to be targeted
> specifically to CONLANG subscribers.
What you are describing is, in fact, the infamous Bugbear virus. You
probably would have seen it mentioned on the news a couple of weeks
ago.

> My mail server has just received 17 emails, supposedly from Pablo Flores,
> from an email server of questionable repute. The source and destination
> email addresses have obviously been forged, as it claims to be sent from
> "pablo-flores@Q...", which obviously doesn't exist,
The Bugbear virus forges email addresses by taking the bit before the
"@" from one person and the bit after the "@" from another person, and
putting them together. Don't ask me why.

> Furthermore, the content of the email is very suspicious: it appears to be
> a truncated copy of a GENUINE message sent to CONLANG a while ago, however
> with a long binary attachment of type application/x-msdownload and (very
> suspicious) filename "icq200b.exe.exe".
Yup - that's Bugbear for you. It looks through old emails that are
still stored on your computer (assuming you're using Outlook Express)
and distributes them to all and sundry. The security implications are
worth pondering, here.

(And BTW, it doesn't grab addresses from your address book; it grabs
them from the headers of old emails stored in your folders, which is
considerably nastier.)

Please read this:

http://www.vet.com.au/html/zoo/local/zoo_descriptions/bugbear.htm

Adrian.

Replies