[Yaesu] Interesting viruses at work
Lee Noonan
[email protected]
Thu, 3 Oct 2002 18:44:58 +1000
I received the W32.Bugbear Virus early in the week. I believe one of My sons
were using the computer at the time, when Nortons would have come onto the
screen with "do You want to quarantine this email as it may contain a virus"
and I can only guess they said....No or Open the email..... So Explorer and
Nortons has been down since Monday.... I have been too busy painting and
moving furniture around the past week to be using the computer...
It has just taken Me 3 hours to delete the virus.... etc... and re install
and scan etc.... and Now hopefully everything is OK.
I used the Symantec website to delete the virus...
This W32.Bugbear is certainly a nasty one.... I normally receive many KLEZ
etc viruses every week, but this is the first time & hopefully the last
time, a virus has gotten past Nortons Anti Virus... maybe with a bit of
human help...
and I just received another virus from what looked like a Ham callsign VR2 I
think... I just deleted it from Nortons and its address was like:
illqso.pdf.xxx ??? I really don't understand why anyone would want to do
this.....
73
Lee Noonan VK2LEE
> WARNING: W32.Bugbear@mm
> Threat level: Category 4 (Upgraded)
> Type: Worm
> Virus Definitions: September 30, 2002 or later (via LiveUpdate)
>
> What is W32.Bugbear@mm and how does it affect me?
> Due to an increased rate of submissions, Symantec
> Security Response has upgraded this threat from a
> Category 3 to a Category 4 as of October 2, 2002.
> W32.Bugbear@mm is a mass-mailing worm. It can also
> spread through network shares. It has
> keystroke-logging and backdoor capabilities. The worm
> also attempts to terminate the processes of various
> antivirus and firewall programs.
>
> Security Response has seen that because the worm does
> not properly handle the network resource types, it may
> flood shared printer resources, which causes them to
> print garbage or disrupt their normal functionality.
>
> The subject and attachment name of incoming emails are
> randomly chosen. The attachment will have a double
> extension ending in .exe, .scr, or .pif.
>
> What action can I take from here?
> Symantec Security Response posted virus definitions to
> protect against this threat on September 30, 2002 (via
> LiveUpdate). All users of Norton AntiVirus who do not
> have up-to-date virus protection should immediately
> run LiveUpdate for protection from W32.Bugbear@mm.
>
> Virus definitions are available via the LiveUpdate
> feature in the Norton AntiVirus product or the
> Symantec Security Response Web site.
>
> Symantec Security Response encourages all Norton
> AntiVirus users to regularly download virus
> definitions in order to protect against future
> threats. For more information on how to run
> LiveUpdate, please click here.
>
> Sincerely,
>
> Symantec Security Response Team
> Symantec Corporation