Re: Bugbear.b (worm du jour)

[Eric Anderson <anderson () cs uoregon edu>]

Maybe I should clarify:  By "very slowly" I meant that this should spread
significantly more slowly than something which is able to exploit a
vulnerability and start executing as soon as it finds a susceptible host.  If
it's been in the wild for 12 hours without compromising most of the vulnerable
hosts, that's slow relative to what's possible.

Thus spake Jack Bates (jbates () brightok net):

[snip]
 
> That is a very bad assumption to make. Not all AV software can detect 
> the various variations of it yet. In addition, there are many EU's that 
> will still run any executable that shows up in their inbox. Many reports 
> of the Microsoft Patch scam being used with this one.
>
> It is multi-part mime, so my current stripping methods will protect the 
> mailboxes on my system.
>
> -Jack