RootsWeb: CUBA-L Re: [CUBA-L] New Virus on the loose

CUBA-L Archives

Archiver > CUBA > 2002-10 > 1034449700

From: "enriquerasilla" <>
Subject: Re: [CUBA-L] New Virus on the loose
Date: Sat, 12 Oct 2002 14:08:20 -0500
References: <5.1.0.14.2.20021003193724.02cb1098@mail.attbi.com>

ENVIELA EN ESPAÑOL, PORFAVOR. GRACIAS (NO ES GRITO, MI TECLADO ANDAN MAL) ENRIQUE > Attention all CUBA-L subscribers. A new virus is on the loose. The > following information was provided by Rootsweb: > > 1. News and Notes: > ------------------ > 1a. Be Careful Out There. The Bugbear is no teddy bear. It is an e-mail > worm containing backdoor components that can allow an infected system to > be remotely compromised; it also includes the ability to kill antivirus > and firewall software, leaving infected systems wide open to further > attacks and lulling you into a false sense of security thinking your > system is virus-free. Genealogists have much more interesting things to > do than deal with an Internet worm with a Trojan horse, but such is life > online. > > Bugbear, which hit Great Britain and Australia users first on Monday, > September 30, according to news reports, is also known as Tanatos. It > arrives via e-mail with no distinct characteristics except that the > attached file is always 50,688 bytes long. The subject line and text are > stolen from existing e-mail it finds on an infected machine. Many > RootsWeb users are expressing concerns about this latest varmint because > unless you pay extra-careful attention you might think an e-mail with > the attached Bugbear worm is coming from a trusted genealogy friend, > family member, or from your favorite Mailing List. > > RootsWeb's Mailing Lists do not allow any attachments, but that doesn't > mean you won't receive something that will fool you into thinking the > message is from a RootsWeb Mailing List. This is one clever worm. There > are confirmed reports of Bugbear even forging some prepends commonly > used on many of our Mailing Lists. If you receive e-mail with an > attachment that appears to be from say [SURNAME-L] and you are not > subscribed to that Mailing List, that is a good indication that it is a > message with the Bugbear worm attached. Even if you are subscribed to a > certain list and there is an attachment, do not open it. > > Many of us are still fighting off the Klez worm, which steals and forges > our e-mail addresses and subject lines, and now along comes Bugbear and > the Opaserv worms. The latter is a network worm that was discovered > September 30 also. > > Are you at risk? You certainly are if you are a Windows user, and > especially if you use Microsoft Internet Explorer 5.01 or 5.5 browsers > and have not applied the patch found in MS01-020. > [Note: Copy and paste carefully; this is a 2-line URL:] > http://www.microsoft.com/technet/security/bulletin/ > MS01-020.asp?frame=true > > According to CNET News.com, a flaw in MIME (the multipurpose Internet > mail extensions) lets a malicious program attached to an e-mail message > execute (start) when the text of the message appears in Outlook or > Outlook Express (popular e-mail applications). The software problem was > patched by Microsoft almost 18 months ago, but it is obvious that many > genealogists have not updated their computers. Don't know what version > of Microsoft Internet Explorer you have? Launch the browser, click on > the Help menu and select About Internet Explorer to find out. > > To prevent infection, Windows users be sure your system is current: > http://windowsupdate.microsoft.com/default.htm > and everyone should update their antivirus software and refrain from > opening any attachment unless the sender confirms that he or she sent > it to you. The major antivirus (AV) software companies have updated > their files to include protection from Bugbear -- but you need to be > sure your AV is up-to-date. Moreover, don't rely exclusively on your AV > to protect you from every virus or worm that comes along. > > If you use Outlook or Outlook Express for your e-mail application, be > sure to set your VIEW options to show attachments. In Outlook Express > make sure that the Preview Pane option is off. In Outlook, under VIEW, > turn off the Auto Review and the Preview Pane. Some e-mail clients treat > Mailing List digests as separate attachments, but those will always have > the Mailing List digest request address as the FROM address and they > will have the digest volume and number in the subject line. However, be > wary, if attachment is exactly 50,688 bytes, it probably is the Bugbear. > > For additional tips and links, please see: Virus, Trojans, Worms: > http://helpdesk.rootsweb.com/announce.html#virus > E-mail headers: http://helpdesk.rootsweb.com/listadmins/headersfull.html > > > > Ed Elizondo <> > Administrator: Cuban Surname Query Bulletin Board > List Administrator: > > > > ==== CUBA Mailing List ==== > ~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~* > You have received this message because you are subscribed to the CUBA-L list. > To unsubscribe *DO NOT REPLY TO THIS MESSAGE*. Instead send an e-mail to > with only the word "unsubscribe" in the body of the message. >

This thread:

[CUBA-L] New Virus on the loose by Ed Elizondo <>

Re: [CUBA-L] New Virus on the loose by "enriquerasilla" <>