From: owner-alloy-digest@smoe.org (alloy-digest) To: alloy-digest@smoe.org Subject: alloy-digest V8 #135 Reply-To: alloy@smoe.org Sender: owner-alloy-digest@smoe.org Errors-To: owner-alloy-digest@smoe.org Precedence: bulk X-To-Unsubscribe: Send mail to "alloy-digest-request@smoe.org" X-To-Unsubscribe: with "unsubscribe" as the body. alloy-digest Monday, August 18 2003 Volume 08 : Number 135 Today's Subjects: ----------------- Alloy: [OT] virus check suggested [Paul Baily ] Re: Alloy: [OT] virus check suggested [Russell Milliner Subject: Alloy: [OT] virus check suggested Hi all, At about 1:50am (GMT +10:00) I received several bounces as a result of some PC out there trying its best to propagate the Bugbear virus. Because this critter fakes the from address it's hard to track down the source, but the fact that the faked from addresses included robinthurlow, bcracknell (both are valid alloy addresses - if they didn't end with @paulbaily.com that is), and on one bounce used a subject line that looked like a reply to an Alloy message, I think one of our subscribers may have a sick PC. The sender headers are inconclusive, but suggest possibly someone using Energis as their ISP may be the unwitting source. Either way, may I suggest everyone does an anti-virus definition update and runs a quick check on each PC they use for email (if they're running Windows) just to be sure? Bugbear is pretty invisible and includes keylogging capabilities so even if your PC is making all the right noises it would pay to err on the side of caution... For more info: and the actual variant that came through in the bounces: You can find quite a good (reportedly!) freeware anti-virus program here if you're not already running one: cheers, Paul. [hey Crackers, what episode was that first elite speak one? Think it's relevant to the scriptkiddies who kitsetted this thing. :-) ] ------------------------------ Date: Sun, 17 Aug 2003 22:46:18 -0400 From: Russell Milliner Subject: Re: Alloy: [OT] virus check suggested I also received one also appearing to be from robinthurlow. - -Russ Paul Baily wrote: > > Hi all, > > At about 1:50am (GMT +10:00) I received several bounces as a result > of some PC out there trying its best to propagate the Bugbear virus. > > Because this critter fakes the from address it's hard to track down > the source, but the fact that the faked from addresses included > robinthurlow, bcracknell (both are valid alloy addresses - if they > didn't end with @paulbaily.com that is), and on one bounce used a > subject line that looked like a reply to an Alloy message, I think > one of our subscribers may have a sick PC. > > The sender headers are inconclusive, but suggest possibly someone > using Energis as their ISP may be the > unwitting source. > > Either way, may I suggest everyone does an anti-virus definition > update and runs a quick check on each PC they use for email (if > they're running Windows) just to be sure? Bugbear is pretty invisible > and includes keylogging capabilities so even if your PC is making all > the right noises it would pay to err on the side of caution... > > For more info: > w32.bugbear.b@mm.html> > > and the actual variant that came through in the bounces: > > w32.bugbear.b.dam.html> > > You can find quite a good (reportedly!) freeware anti-virus program > here if you're not already running one: > > > > cheers, > > Paul. > > [hey Crackers, what episode was that first elite speak one? Think > it's relevant to the scriptkiddies who kitsetted this thing. :-) ] ------------------------------ End of alloy-digest V8 #135 ***************************