
BugBear Warning!!


Hi,
I have just had to pick up the pieces after a friend's machine was infected with BugBear. Please be warned this virus is very nasty and can do serious damage to your machine. BugBear causes havoc.

Symptoms are:
Disables your anti-virus software (such as Norton AV), so identification is impossible.
Infects Windows system folder
Damages the Windows registry
Can prevent Windows shut-down
Mails itself to everyone in your Windows address book. Uses unlikely subject titles.
Tries to use your dial-up connection using PoProxy

Be extra careful BEFORE opening any emails you're not sure of.

Regards
Ivan (sys admin)


--
5 REPLIES

RE: BugBear Warning!!

I trust F9 have updated their Sophos server files so that we won't be getting the email??

REPLY: Don't think you understand the nature of the beast!!

> I trust F9 have updated their Sophos server files so that we won't be getting the email??

Hi,
Sophos AV software alone won't stop you getting this worm/Trojan horse infection. You yourself have to be extra vigilant & watch carefully what arrives in your inbox. The double-extension file attachments are a dead giveaway though, such as XXXXX.myt.pif, especially if the email body itself is empty. Also I would advise you to switch off the preview pane feature in your email program, as my friend's machine got infected without thinking that he had opened the file (wrongly so!).

Ivan



--

RE: REPLY: Don't think you understand the nature of the beast

The actual reason your friend would have been infected would be due to the malformed MIME header exploit that affects machines with unpatched copies of IE5 and 5.5. Basically, Outlook etc. use IE to display HTML emails, and a certain use of iframes can cause code to be launched.

At work I've seen about 10/20 copies come into our mail server in a day, so it's spreading quite quickly. We're quite a global company so we get loads of viruses (mainly from the Far East, I might add), although this seems to be coming from just about anywhere.
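
A mail-gateway style check for the three signs mentioned in the posts above (double-extension attachment, empty body, iframe in an HTML part), as an added example that is not part of the original thread. The extension list, the function name `scan_message` and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy

# Assumed list of directly executable Windows extensions (not from the thread).
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs"}

# Constructed sample: HTML-only body holding an iframe, plus the thread's
# double-extension attachment name. The payload is a dummy base64 string.
SAMPLE = b"""\
From: sender@example.test
To: rcpt@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html; charset="us-ascii"

<html><body><iframe src="about:blank"></iframe></body></html>
--B
Content-Type: application/octet-stream; name="XXXXX.myt.pif"
Content-Transfer-Encoding: base64

AAAA
--B--
"""

def scan_message(raw: bytes) -> list[str]:
    """Return heuristic findings for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings, body, has_attachment = [], "", False
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            has_attachment = True
            pieces = name.lower().rstrip(". ").split(".")
            if len(pieces) >= 3 and pieces[-1] in EXECUTABLE_EXTS:
                findings.append(f"double-extension executable: {name}")
        elif part.get_content_maintype() == "text":
            content = part.get_content()
            body += content
            if part.get_content_subtype() == "html" and "<iframe" in content.lower():
                findings.append("iframe in HTML body")
    # Tags are stripped so an HTML part with no visible text counts as empty.
    if has_attachment and not re.sub(r"<[^>]*>", "", body).strip():
        findings.append("empty body with attachment")
    return findings

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

These are triage heuristics for quarantine or review, not a replacement for patching the mail client or keeping AV signatures current.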

RE: REPLY: Don't think you understand the nature of the beast

Actually, if you'd updated Sophos in the last week you would be safe from the virus.

RE: REPLY: Ivan to Big Al

> The actual reason your friend would have been infected would be due to the malformed MIME header exploit that affects machines with unpatched copies of IE5 and 5.5. Basically, Outlook etc. use IE to display HTML emails, and a certain use of iframes can cause code to be launched.
>
> At work I've seen about 10/20 copies come into our mail server in a day, so it's spreading quite quickly. We're quite a global company so we get loads of viruses (mainly from the Far East, I might add), although this seems to be coming from just about anywhere.

Hi Big Al,
Your reply was interesting, as I had thought that the patch for the MIME header vulnerability only applied to people using web-based mail via IE 5.01 & IE5.5, so I stand corrected. Thank you! But BugBear creates a pretty bad mess if you're unfortunate to get infected. The point I was trying to make was that just having AV software is NO! protection in itself against this worm/Trojan, that's all really. I know you understand that, but other people don't, you know!!! You'd be surprised!! Cheers, Ivan.

--