Re: bugbear variant

[Theresa M Rowe <rowe () OAKLAND EDU>]

We have been hit hard with this today.
It is particularly ugly.  We have Sophos at the gateway, and
Norton Corporate Edition at the desktop, and the variant hit
before either had an anti-virus definition available.  We got
definitions from Sophos at 11:30 AM and Norton at 1:30 PM.
We are now doing the clean-up.

While the virus seems to be stopped, it leaves behind
hooker.trojan in keystroke capturing mode, and that is
proving extremely difficult to clean-up.
Theresa Rowe




---- Original message ----
> Date: Thu, 5 Jun 2003 14:43:55 -0500
> From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
> Subject: [SECURITY] bugbear variant
> To: SECURITY () LISTSERV EDUCAUSE EDU
>
> I received a phone call a short while ago from DHS,
indicating that a
> new variant of Bugbear was spreading, mostly among financial
> institutions.  That's all they told me.  We haven't received
reports of
> infections here at IU yet.
>
> But, information about it can be found at
> http://www.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.h
tml, or
> probably also at your favorite AV vendor site .
>
> M.
>
> --
> Mark S. Bruhn, CISSP
>
> Chief IT Security and Policy Officer
> Interim Director, Research and Educational Networking
Information
> Sharing and Analysis Center (ren-isac () iu edu)
>
> Office of the Vice President for Information Technology and
CIO
> Indiana University
> 812-855-0326
>
> Incidents involving IU IT resources: it-incident () iu edu
> Complaints/kudos about OVPIT/UITS services: itombuds () iu edu
>
> **********
> Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/memdir/cg/.
Theresa Rowe
Assistant Vice President
University Technology Services
www.oakland.edu/uts - the latest news from University Technology Services

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.