Information Security News mailing list archives

RE: Hi


From: William Knowles <wk () c4i org>
Date: Tue, 20 Jan 2004 08:08:32 -0600 (CST)

Let me be the first to say that I'm sorry this virus-infected mail
leaked through, and due to poor authentication routines in majordomo,
this may happen again.

Longtime ISN subscribers know that we don't send out attachments. If
you did click on the attachment, the virus was W32.Beagle.A@mm.

There are a number of programs now available to rid your
computer/network of W32.Beagle.A@mm (check with your vendor), or you
can manually disinfect your machine by doing the following...

1. Delete the registry value and restart the computer: 

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d3dupdate.exe]

or terminate the running 'bbeagle.exe' process with Task Manager 

2. Delete the worm from the Windows System Directory: 

%SysDir%\bbeagle.exe


Finally, if you, or Usama bin Virus want to drop the Internet to its
knees, make it a point to infect university computers on the
weekend/holiday, use those networks that have no staffed
contact/emergency/help desk numbers for the computing staff. Double
check that the university police have no POC/emergency pager numbers
if something really needs to be turned off.

Not that these guys would know anything about that...

http://www.dnsstuff.com/tools/whois.ch?ip=138.87.155.2

It's a sneaky virus, so to prevent a repeat of all of this, we're going
to post messages for a few days from this address until things calm
down a little, just in case you use isn () c4i org in your mail filters.

Thanks for your support!

William Knowles
wk () c4i org



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*


: ---------- Forwarded message ----------
: Return-Path: <owner-isn () attrition org>
: Received: from forced.attrition.org (forced.attrition.org [66.80.146.7])
:       by idle.curiosity.org (8.11.6/8.11.6) with ESMTP id i0JKaKM06331;
:       Mon, 19 Jan 2004 14:36:30 -0600
: Received: (from majordomo@localhost)
:       by forced.attrition.org (8.11.6/3.8.9) id i0JJfnI08776
:       for isn-list; Mon, 19 Jan 2004 14:41:49 -0500
: Received: from clalbur ([138.87.155.2])
: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^           
:       by forced.attrition.org (8.11.6/3.8.9) with SMTP id i0JJfmd08773
:       for <isn () attrition org>; Mon, 19 Jan 2004 14:41:49 -0500
: Date: Mon, 19 Jan 2004 13:38:57 -0600
: To: isn () attrition org
: Subject: [ISN] Hi
: From: isn () c4i org
: Message-ID: <bauaoklkoxbcoysqwtn () c4i org>
: MIME-Version: 1.0
: Content-Type: multipart/mixed;
:         boundary="--------247787143784553"
: Sender: owner-isn () attrition org
: Precedence: bulk
: Reply-To: isn () c4i org
: x-unsubscribe: echo "unsubscribe isn" | mail majordomo () attrition org
: x-isn-list: x-loop, procmail, etc
: x-url: http://www.c4i.org/isn.html
:
:  Test =)
: aowybbojjfjwudjx
: --
: Test, yep.





-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
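
The forwarded headers above show the post entering the list server from `clalbur ([138.87.155.2])` while carrying the moderator's From address. As an added example (not part of the original message or the list's own tooling), this Python code pulls that entry hop out of the Received chain and holds the post unless it came from an allowlisted posting host. The allowlist value is a placeholder assumption and the function names are hypothetical.

```python
import re

# Forwarded headers as archived on this page (quote prefix ": " and address
# obfuscation kept; the author's "^^^" marker line and unused headers omitted).
RAW = """\
: Received: from forced.attrition.org (forced.attrition.org [66.80.146.7])
:       by idle.curiosity.org (8.11.6/8.11.6) with ESMTP id i0JKaKM06331;
:       Mon, 19 Jan 2004 14:36:30 -0600
: Received: (from majordomo@localhost)
:       by forced.attrition.org (8.11.6/3.8.9) id i0JJfnI08776
:       for isn-list; Mon, 19 Jan 2004 14:41:49 -0500
: Received: from clalbur ([138.87.155.2])
:       by forced.attrition.org (8.11.6/3.8.9) with SMTP id i0JJfmd08773
:       for <isn () attrition org>; Mon, 19 Jan 2004 14:41:49 -0500
: From: isn () c4i org
"""

# Assumption: hosts the moderator really posts from (placeholder, TEST-NET-1).
TRUSTED_POSTING_IPS = {"192.0.2.10"}

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([\d.]+)\]\)\s+by\s+(\S+)")

def parse_headers(raw):
    """Strip the archive's ': ' quote prefix and unfold continuation lines."""
    headers = []
    for line in raw.splitlines():
        line = re.sub(r"^: ?", "", line)
        if line[:1] in (" ", "\t") and headers:
            headers[-1][1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append([name.strip().lower(), value.strip()])
    return headers

def submitting_hop(headers, list_host):
    """Return (helo, ip) of the client that handed the post to list_host.
    Received headers are prepended, so the last match is the entry hop."""
    hop = None
    for name, value in headers:
        m = HOP.search(value) if name == "received" else None
        if m and m.group(3) == list_host:
            hop = (m.group(1), m.group(2))
    return hop

def check_post(raw, list_host, trusted_ips):
    headers = parse_headers(raw)
    hop = submitting_hop(headers, list_host)
    return {"from": dict(headers).get("from"), "hop": hop,
            "hold_for_moderation": hop is None or hop[1] not in trusted_ips}
```

The From header plays no part in the decision, which is the point: it is whatever the submitting client claims, while the entry hop's IP is recorded by the list server itself.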