Re: [APML] Virus with APML subject received...
Jeff and all,
I went to the Norton site and read about the worm w32.bugbear.b@mm. It
apparently affects the computer it infects without obviously letting the
user know the computer is infected! It is obvious if it is successful at
turning the antivirus off, but an up-to-date antivirus program should catch
and stop it. The other things it does are behind the scenes, like finding
and sending passwords out, etc.
I'm sure that the infected messages some of us received came from mutual
contacts we have made off the APML (direct correspondence). If we can
identify the actual source (Jeff's address was on the same machine as mine)
we could help that person clean up his computer. I looked at my address
book and I have about 50 addresses of APML individuals that I have contacted
directly off list over the past year or so. I'm not sure there is an easy
way to compare address lists and identify the source.
Don
----- Original Message -----
From: "Jeff Crilly" <jlcphoto@myrealbox.com>
To: "Discussion of Film Astrophotography" <astro-photo@seds.org>
Sent: Tuesday, July 01, 2003 08:06
Subject: Re: [APML] Virus with APML subject recieved...
> Hmm...
>
> Another minor note that folks should maybe look out for...
>
> It seems this message possibly originated from someone on "nextgentel.com"
> in Norway. The mail.broadpark.no seems legit. Dunno for sure, but
> possibly someone in Norway is infected?
>
> Also, keep in mind that this virus sends using an SMTP client
> built into it, i.e. you won't see these messages in your "sent" folder
> if the virus sends it.
>
> (Also, fwiw, the headers note 17:10 UTC as the time this was sent.
> My event log says my computer was turned on at 11am local time,
> which is 18:00 UTC. I'm pretty sure my computer was when this
> was propagating.)
>
> An easy way to see if you are infected is to check if you have oddly
> named programs in your start menu.
>
> More info here including a link to a removal tool...
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.html
>
>
>
> > Return-Path: <jlcphoto@wi.rr.com>
> > Received: from mtiwmhc14 ([127.0.0.1]) by mtiwmhc14.worldnet.att.net
> >   (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP
> >   id <20030701171050.JIUL25972.mtiwmhc14.worldnet.att.net@mtiwmhc14>
> >   for <astropix@worldnet.att.net>; Tue, 1 Jul 2003 17:10:50 +0000
> > Received: from mtiwmhc14.worldnet.att.net ([127.0.0.1])
> >   by mtiwmhc14.worldnet.att.net
> >   (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP
> >   id <20030701170755.JAGN25972.mtiwmhc14.worldnet.att.net@mtiwmhc14.worldnet.att.net>
> >   for <astropix@worldnet.att.net>; Tue, 1 Jul 2003 17:07:55 +0000
> > Received: from mail.broadpark.no ([217.13.4.2])
> >   by mtiwmhc14.worldnet.att.net (mtiwmhc14) with ESMTP
> >   id <2003070117075411400q8g2fe>; Tue, 1 Jul 2003 17:07:54 +0000
> > Received: from byteheaven (68.80-202-100.nextgentel.com [80.202.100.68])
> >   by mail.broadpark.no (Postfix) with SMTP
> >   id 349EB786D8; Tue, 1 Jul 2003 19:07:47 +0200 (MEST)
> > From: "Jeff Crilly" <jlcphoto@wi.rr.com>
> > Subject: Re: [APML] Question re efficient use of film vs Quality
> > Message-Id: <20030701170747.349EB786D8@mail.broadpark.no>
> > Date: Tue, 1 Jul 2003 19:07:47 +0200 (MEST)
> > To: undisclosed-recipients:;
> > Mime-Version: 1.0
> > Content-Type: multipart/mixed;
>
> _______________________________________________
> Astro-Photo mailing list
> Astro-Photo@seds.org
> http://seds.org/mailman/listinfo/astro-photo
>
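The Received-header reading Jeff describes above, as an added example that is not part of the original thread: it walks the quoted Received chain oldest-first, skips loopback handoffs, and reports the client that handed the message to the first relay, with its timestamp in UTC. The regex assumes the `from HELO (rDNS [IP]) by host` layout seen in these headers, and the function names `trace` and `origin` are illustrative.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received headers copied from the quoted message on this page, unfolded.
RAW = """\
Received: from mtiwmhc14 ([127.0.0.1]) by mtiwmhc14.worldnet.att.net
 (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP
 id <20030701171050.JIUL25972.mtiwmhc14.worldnet.att.net@mtiwmhc14>
 for <astropix@worldnet.att.net>; Tue, 1 Jul 2003 17:10:50 +0000
Received: from mtiwmhc14.worldnet.att.net ([127.0.0.1])
 by mtiwmhc14.worldnet.att.net
 (InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with ESMTP
 id <20030701170755.JAGN25972.mtiwmhc14.worldnet.att.net@mtiwmhc14.worldnet.att.net>
 for <astropix@worldnet.att.net>; Tue, 1 Jul 2003 17:07:55 +0000
Received: from mail.broadpark.no ([217.13.4.2])
 by mtiwmhc14.worldnet.att.net (mtiwmhc14) with ESMTP
 id <2003070117075411400q8g2fe>; Tue, 1 Jul 2003 17:07:54 +0000
Received: from byteheaven (68.80-202-100.nextgentel.com [80.202.100.68])
 by mail.broadpark.no (Postfix) with SMTP
 id 349EB786D8; Tue, 1 Jul 2003 19:07:47 +0200 (MEST)
"""

# Layout: from <HELO name> ([<reverse DNS>] [<IP>]) by <receiving server>
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
                 r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def trace(raw):
    """Return network hops oldest-first, skipping loopback handoffs."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m or m["ip"].startswith("127."):
            continue
        # The timestamp follows the last ';' and carries its own UTC offset.
        when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        hops.append({**m.groupdict(), "utc": when.astimezone(timezone.utc)})
    return hops

def origin(raw):
    """Oldest non-loopback hop: the client that connected to the first relay."""
    first = trace(raw)[0]
    # A HELO name that differs from reverse DNS is self-reported by the client.
    first["helo_matches_rdns"] = first["helo"].lower() == (first["rdns"] or "").lower()
    return first

if __name__ == "__main__":
    for hop in trace(RAW):
        print(hop["utc"].isoformat(), hop["ip"], hop["rdns"], "->", hop["by"])
    print("origin:", origin(RAW))
```

Only the Received lines written by servers the recipient trusts are reliable; anything below the first trusted relay can be supplied by the sender.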