Security Incidents mailing list archives
Re: Possible new Bugbear
From: Joe Miller <joseph-p-miller () cox net>
Date: Wed, 4 Feb 2004 12:52:13 -0500
Sorry folks, it's not a new variant but it appears as though it is a new attempt at spreading this ancient worm. ============================================================ From: Joe Miller <joseph-p-miller () cox net> Date: 2004/02/04 Wed PM 12:34:10 EST To: incidents () securityfocus com, aztechlist () yahoogroups com, kmiller210 () cox net, bruce.burton () shawgrp com, joe.miller () shawgrp com Subject: Possible new Bugbear All, Please be aware of emails with this Subject and message: From: "Southwest Airlines" Subject: Ticketless Travel Passenger Itinerary ************ !!! IMPORTANT NOTICE !!! ************ ** BRING A COPY OF THIS ITINERARY WITH YOU TO ** ** THE AIRPORT FOR FLIGHT CHECKIN. Download Attachment: addresses.xls.exe I received this email that I thought was in error from Southwest Airlines. I've never heard of BugBear coming from spoofed airlines or COX (@cox.com) email addresses so please bare with me: It was a flight itinerary so I clicked Reply to inform them that I was th wrong person and noticed something strange about the reply address "Southwest Airlines"(no-reply () updates cox com) <AND> there was an attachment with two file extensions called addresses.xls[1].exe Knowing that it was a virus I opened it with a PC that I could take off the network if it was MiMail, Bugbear or any other worm. McAfee detected it as W32/Bugbear.b.dam and was not able to clean, delete nor move the file. Is this a new variant of Bugbear? Good day, Joe Miller ============================================================ --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Possible new Bugbear Joe Miller (Feb 04)
- RE: Possible new Bugbear James C Slora Jr (Feb 05)