Re: Possible new Bugbear

From: Joe Miller (joseph-p-miller_at_cox.net)
Date: 02/04/04

Next message: James C Slora Jr: "RE: Possible new Bugbear"

Previous message: KeyFocus: "Re: Type od DDoS in MyDoom????"
Next in thread: James C Slora Jr: "RE: Possible new Bugbear"
Reply: James C Slora Jr: "RE: Possible new Bugbear"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Joe Miller <joseph-p-miller@cox.net>, incidents@securityfocus.com, aztechlist@yahoogroups.com, kmiller210@cox.net, bruce.burton@shawgrp.com, joe.miller@shawgrp.com
Date: Wed, 4 Feb 2004 12:52:13 -0500

Sorry folks, it's not a new variant but it appears as though it is a new attempt at spreading this ancient worm.

============================================================
From: Joe Miller <joseph-p-miller@cox.net>
Date: 2004/02/04 Wed PM 12:34:10 EST
To: incidents@securityfocus.com, aztechlist@yahoogroups.com, kmiller210@cox.net, bruce.burton@shawgrp.com, joe.miller@shawgrp.com
Subject: Possible new Bugbear

All,
Please be aware of emails with this Subject and message:

From: "Southwest Airlines"
Subject: Ticketless Travel Passenger Itinerary

************ !!! IMPORTANT NOTICE !!! ************
** BRING A COPY OF THIS ITINERARY WITH YOU TO **
** THE AIRPORT FOR FLIGHT CHECKIN.

Download Attachment: addresses.xls.exe

I received this email that I thought was in error from Southwest Airlines.

I've never heard of BugBear coming from spoofed airlines or COX (@cox.com) email addresses so please bare with me:
It was a flight itinerary so I clicked Reply to inform them that I was th wrong person and noticed something strange about the reply address "Southwest Airlines"(no-reply@updates.cox.com) <AND> there was an attachment with two file extensions called addresses.xls[1].exe
Knowing that it was a virus I opened it with a PC that I could take off the network if it was MiMail, Bugbear or any other worm. McAfee detected it as W32/Bugbear.b.dam and was not able to clean, delete nor move the file.

Is this a new variant of Bugbear?

Good day,
Joe Miller
============================================================

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: James C Slora Jr: "RE: Possible new Bugbear"

Previous message: KeyFocus: "Re: Type od DDoS in MyDoom????"
Next in thread: James C Slora Jr: "RE: Possible new Bugbear"
Reply: James C Slora Jr: "RE: Possible new Bugbear"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]