SOUTH-AFRICA-L Archives



From: "Ralph Anderson" <>
Subject: Re: [ZA] THE EMAIL VIRUS - Bugbear / Tanatos
Date: Thu, 3 Oct 2002 09:22:33 +0200
References: <NDBBKLFHGKFDDFJFLNPMKEHNFAAA.paultt@onetel.net.uk>


I have also been getting annoying e-mails and the last may give a clue as to the source. It was from "Roots Web Review", and the subject was "Roots Web Review. Vol 5 No.7 13 Feb 2002". When I opened it a notice appeared the same as I normally receive when opening an attachment, and was headed "Opening C:\Windows\Temp\Book 1.mdb [1].scr". On cancelling this notice my screen was FROZEN and all I could do was to RESTART my computer and re-calling Outlook Express gave me the opportunity to DELETE the item. This same phenomenon has happened to several previous e-mails and another this same morning was labelled ALBATROS WEB PAGE. What I can't understand is why these have not been picked up by either my own virus protection or that of MWeb. Admittedly, because I do have the latter protection, I have not updated my own recently.

Ralph.
----- Original Message -----
From: Paul Tanner-Tremaine
To:
Sent: Wednesday, October 02, 2002 3:43 PM
Subject: [ZA] THE EMAIL VIRUS - Bugbear / Tanatos


The Virus that is doing the rounds is rather a nasty. It has the
capabilities of doing mass-mailings from a pc, recording your keystrokes to
get your passwords, etc, and sends them off to the hacker. It can also play
havoc with networks and network printers. It changes its own name and file
names at random, and will send random emails with random content - that's
why we are seeing funny emails.

It first appeared in the wild on 30th of September 2002, and if you received
it, it checked to see if you had a firewall or antivirus software running
that did not identify it, and shut those applications down! Nearly all the
anti-virus companies put out warnings and a fix to their software within a
day or two, and you MUST update your antivirus software to stop further
attacks.
If your pc has been infected, it can be cured quite easily. Visit either of
these two sites for a description of the worm, and how to manually fix your
system.

http://www.f-secure.com/v-descs/tanatos.shtml

http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html

It appears to be prevalent in the rootsweb community at the moment - from
what I have read and seen on the other mailing lists, most of the initial
emails seem to have come from the .au and .nz areas, and now also the .uk
community, besides the .za lists. Followed the sun on the 30th, by the
looks of things..

If any weird email arrives that has an unexpected attachment, zap it without
opening it. I have had attachments Cock.FTW.EXE, testing.mdb.scr,
readme.scr, Thesaur.lex.exe, ASB BANK.htm.pif, plus some what look like half
finished genealogy emails. Anything from an unknown sender, with a funny
attachment - delete it quick, without opening the attachment!



Paul Tanner-Tremaine
e-mail: mailto:
Web page at
http://members.tripod.com/paul_tannertremaine/
formerly in sunny Westville, Natal Coast, South Africa, now in
Wokingham, Berkshire, UK.
searching : AYLWARD; BOWKER; BRABBIN; MITFORD; MONKHOUSE; OSBALDESTON;
PENN; IRISH; DAVID; HEYWOOD; PARKS and TANNER-TREMAINE, among others....
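
Added example, not part of the original posts: a mail-side check for the attachment pattern both messages describe, a harmless-looking extension followed by an executable one (testing.mdb.scr, ASB BANK.htm.pif). The function names, the extension list beyond .exe/.scr/.pif, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# .exe, .scr and .pif are the types named in the thread; the rest are other
# extensions Windows runs directly (assumed list, extend to taste).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before checking.
    cleaned = name.strip().rstrip(". ").lower()
    # Keep only the last path component in case the sender supplied a path.
    cleaned = cleaned.replace("\\", "/").rsplit("/", 1)[-1]
    exts = cleaned.split(".")[1:]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A decoy extension in front of the real one (.mdb.scr) hides the file
    # type when the mail client or Explorer hides known extensions.
    return "double-extension" if len(exts) >= 2 else "executable"

def scan_message(raw):
    """Return [(filename, verdict)] for every risky attachment in raw bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        # Content-Disposition filename, falling back to Content-Type name.
        name = part.get_filename()
        if name and classify_filename(name) != "ok":
            findings.append((name, classify_filename(name)))
    return findings

def build_sample():
    """Constructed message whose attachment names are taken from the thread."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("placeholder body")
    for name in ("testing.mdb.scr", "ASB BANK.htm.pif", "readme.scr",
                 "family-tree.ged"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {filename}")
```
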




