See email below for information on the W32/Bugbear worm.
Donna King
List Owner Tolpuddle/Cannell Mailing Lists
deking(a)rogers.com
LOVELESS/LOVELACE GENEALOGY PAGE -
UNITED KINGDOM/CANADA/AUSTRALIA
http://homepages.rootsweb.com/~martyrs
We could learn a lot from crayons: some are sharp, some are pretty, some
are dull, some have weird names, and all are different colors...but they all
have to learn to live in the same box.
----- Original Message -----
From: "Rogers Network Security" <interaction(a)rci.rogers.com
To: <Rogers Hi-Speed Internet Customers
Sent: Friday, October 04, 2002 12:10 PM
Subject: VIRUS ALERT: W32/Bugbear@MM
Dear Rogers Hi-Speed Internet Customer
You may receive an Email message with an infected attachment. This virus
called W32/Bugbear@MM, disguises itself as an Email attachment and if
opened,
can make copies of itself and send itself (without your knowledge) to
everyone
in your address book.
The infected attachment is difficult to detect as it's file name can vary.
It may contain one of the following words:
- Card
- Docs
- image
- images
- music
- news
- photo
- pics
- readme
- resume
- Setup
- song
- video
Additionally, the infected attachment displays itself with a double
extension
on Windows computers (For example photo.gif.exe). The second
extension of
this virus is
generally .scr .pif or .exe. Be extremely cautious when opening any
Email
attachments.
IF YOU RECEIVE THIS EMAIL MESSAGE, DO NOT OPEN THE ATTACHMENT. DELETE THE
EMAIL
IMMEDIATELY.
FOLLOWING ARE DETAILS ON THE EMAIL MESSAGE CONTAINING THE VIRUS:
------------------------
TO: This message has been sent to numerous Email users all over the
Internet
DATE SENT: (Varies)
FROM: (Varies)
SUBJECT: (Varies - May contain one of the subject lines at the bottom of
this
Email)
BODY OF THE EMAIL MESSAGE: (Varies)
------------------------
DETAILS:
- The message will appear to come from someone you know (Or from someone
who has
you listed in their address book)
- The virus should not infect your computer unless you have opened the
attachment.
- The virus will attempt to shut down many of the most common
anti-virus
software
and firewall software packages.
HOW DO I KNOW IF I HAVE BEEN INFECTED?
- Contacts from your Email Address Book claim that you have sent them a
strange
Email message.
- Port 36794 on your computer is opened (can only be detected by those
running
firewall software).
- If you are running a home network, your computer may be sending very
large
jobs to your printer.
STEPS ON CLEANING THE W32/Bugbear@MM VIRUS
IF YOU HAVE OPENED THE INFECTED FILE:
1. As this virus attempts to disable your Virus scanning software, you may
be unable to correctly use it to clean the virus from your computer. As
a
result:
MCAFFEE recommends downloading and running their external virus cleaner:
http://vil.nai.com/vil/stinger/
Symantec's Norton Antivirus recommends downloading and running their
external
virus cleaner:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.remov
al.tool.html
> If you use another virus scanning software package, please
check their
Website to
see if they have released a standalone program that can clean the
W32/Bugbear@MM virus.
> IF YOU HAVE NOT OPENED THE INFECTED FILE
> 1. If you do not already own one, download an updated
virus scanning
software
> package. These virus-scanning packages can be downloaded from:
> - McAffee (
http://software.mcafee.com/centers/download/default.asp)
> - Norton Antivirus (
http://www.symantec.com/downloads/)
> - Moosoft:
http://www.moosoft.com/
> NOTE: Even if you own a virus scanning software package,
it is very
important
that you download the latest virus definition file so that your
software
can
> clean this new virus.
> 2. If you receive an Email attachment that resembles the
characteristics
described
above immediately delete the entire message and remove it from
your
deleted items
> folder
> 3. Read through the steps in the Surf Safe section on our
customer support
site
> to keep your computer safe. The Surf Safe section can be found at:
>
http://www.rogershelp.com/help/content/how/surf_safe/
> Please note that although our
Network Security team responds to virus
complaints
from Rogers customers, we strongly recommend that you consistently
scan
your
Email attachments and downloaded files to protect your personal
computer,
no matter how trusted the source. This advice applies to all Email
messages,
> not just the one discussed in this message.
> Please rest assured that the Rogers Network Security Team
will continue to
> monitor the situation.
> Thank you,
> Rogers Network Security