Security Incidents mailing list archives

Re: Possible new Bugbear


From: Joe Miller <joseph-p-miller () cox net>
Date: Wed, 4 Feb 2004 12:52:13 -0500

Sorry folks, it's not a new variant but it appears as though it is a new attempt at spreading this ancient worm.


============================================================
From: Joe Miller <joseph-p-miller () cox net>
Date: 2004/02/04 Wed PM 12:34:10 EST
To: incidents () securityfocus com, aztechlist () yahoogroups com, kmiller210 () cox net, bruce.burton () shawgrp com, joe.miller () shawgrp com
Subject: Possible new Bugbear

All,
Please be aware of emails with this Subject and message:

From:   "Southwest Airlines"
Subject:   Ticketless Travel Passenger Itinerary

************ !!! IMPORTANT NOTICE !!! ************
** BRING A COPY OF THIS ITINERARY WITH YOU TO   **
** THE AIRPORT FOR FLIGHT CHECKIN. 

Download Attachment: addresses.xls.exe 


I received this email that I thought was in error from Southwest Airlines.

I've never heard of BugBear coming from spoofed airlines or COX (@cox.com) email addresses so please bear with me:
It was a flight itinerary so I clicked Reply to inform them that I was the wrong person and noticed something strange about the reply address "Southwest Airlines"(no-reply () updates cox com) <AND> there was an attachment with two file extensions called addresses.xls[1].exe
Knowing that it was a virus I opened it with a PC that I could take off the network if it was MiMail, Bugbear or any other worm.  McAfee detected it as W32/Bugbear.b.dam and was not able to clean, delete nor move the file.

Is this a new variant of Bugbear?

Good day,
Joe Miller
============================================================
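
The two indicators this report describes, a sender display name that does not match the sending domain and an attachment with two file extensions, can be checked mechanically at a mail gateway or during triage. The following is an added example, not part of the original post; the sample message, its domain, the extension lists and the function names are constructed assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the report; the address and body are made up.
SAMPLE = """\
From: "Southwest Airlines" <no-reply@updates.example.com>
Subject: Ticketless Travel Passenger Itinerary
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

BRING A COPY OF THIS ITINERARY WITH YOU TO THE AIRPORT
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="addresses.xls.exe"

placeholder
--b1--
"""

EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd"}   # assumed list
DOCUMENT = {"xls", "doc", "txt", "pdf", "jpg", "htm", "zip"}  # assumed list

def double_extension(filename):
    # True for names like report.xls.exe, including cached copies (xls[1].exe).
    parts = filename.lower().rstrip(". ").split(".")
    if len(parts) < 3:
        return False
    inner = re.sub(r"\[\d+\]$", "", parts[-2])  # drop a "[1]" download suffix
    return parts[-1] in EXECUTABLE and inner in DOCUMENT

def brand_mismatch(from_header):
    # True when no word of the display name appears in the sender's domain.
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    words = [w.lower() for w in name.split() if len(w) > 3]
    return bool(words) and bool(domain) and not any(w in domain for w in words)

def findings(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    hit = brand_mismatch(str(msg["From"]))
    out = ["display name not reflected in sender domain"] if hit else []
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    return out + ["double extension: " + n for n in names if double_extension(n)]
```

The display-name check is a heuristic and will flag legitimate mail sent through third-party mailing services, so treat it as a triage signal rather than a verdict.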


