Here is a little about this virus:
Regards, Kirsten
'RootsWeb Review, Vol. 5, No. 40, 2 October 2002
Be Careful Out There. The Bugbear is no teddy bear. It is an e-mail
worm containing backdoor components that can allow an infected system to
be remotely compromised; it also includes the ability to kill antivirus
and firewall software, leaving infected systems wide open to further
attacks and lulling you into a false sense of security thinking your
system is virus-free. Genealogists have much more interesting things to
do than deal with an Internet worm with a Trojan horse, but such is life
online.
Bugbear, which hit Great Britain and Australia users first on Monday,
September 30, according to news reports, is also known as Tanatos. It
arrives via e-mail with no distinct characteristics except that the
attached file is always 50,688 bytes long. The subject line and text are
stolen from existing e-mail it finds on an infected machine. Many
RootsWeb users are expressing concerns about this latest varmint because
unless you pay extra-careful attention you might think an e-mail with
the attached Bugbear worm is coming from a trusted genealogy friend,
family member, or from your favorite Mailing List.
RootsWeb's Mailing Lists do not allow any attachments, but that doesn't
mean you won't receive something that will fool you into thinking the
message is from a RootsWeb Mailing List. This is one clever worm. There
are confirmed reports of Bugbear even forging some prepends commonly
used on many of our Mailing Lists. If you receive e-mail with an
attachment that appears to be from say [SURNAME-L] and you are not
subscribed to that Mailing List, that is a good indication that it is a
message with the Bugbear worm attached. Even if you are subscribed to a
certain list and there is an attachment, do not open it.
Many of us are still fighting off the Klez worm, which steals and forges
our e-mail addresses and subject lines, and now along comes Bugbear and
the Opaserv worms. The latter is a network worm that was discovered
September 30 also.
Are you at risk? You certainly are if you are a Windows user, and
especially if you use Microsoft Internet Explorer 5.01 or 5.5 browsers
and have not applied the patch found in MS01-020.
[Note: Copy and paste carefully; this is a 2-line URL:]
http://www.microsoft.com/technet/security/bulletin/
MS01-020.asp?frame=true
According to CNET News.com, a flaw in MIME (the multipurpose Internet
mail extensions) lets a malicious program attached to an e-mail message
execute (start) when the text of the message appears in Outlook or
Outlook Express (popular e-mail applications). The software problem was
patched by Microsoft almost 18 months ago, but it is obvious that many
genealogists have not updated their computers. Don't know what version
of Microsoft Internet Explorer you have? Launch the browser, click on
the Help menu and select About Internet Explorer to find out.
To prevent infection, Windows users be sure your system is current:
http://windowsupdate.microsoft.com/default.htm
and everyone should update their antivirus software and refrain from
opening any attachment unless the sender confirms that he or she sent
it to you. The major antivirus (AV) software companies have updated
their files to include protection from Bugbear -- but you need to be
sure your AV is up-to-date. Moreover, don't rely exclusively on your AV
to protect you from every virus or worm that comes along.
If you use Outlook or Outlook Express for your e-mail application, be
sure to set your VIEW options to show attachments. In Outlook Express
make sure that the Preview Pane option is off. In Outlook, under VIEW,
turn off the Auto Review and the Preview Pane. Some e-mail clients treat
Mailing List digests as separate attachments, but those will always have
the Mailing List digest request address as the FROM address and they
will have the digest volume and number in the subject line. However, be
wary: if the attachment is exactly 50,688 bytes, it probably is the Bugbear.
For additional tips and links, please see: Virus, Trojans, Worms:
http://helpdesk.rootsweb.com/announce.html#virus
E-mail headers:
http://helpdesk.rootsweb.com/listadmins/headersfull.html
----- Original Message -----
From: Arne Feldborg
Newsgroups: dk.videnskab.historie.genealogi
Sent: Friday, October 04, 2002 7:58 AM
Subject: Re: Common ancestors
This morning I have received at least ten or so e-mails from other
genealogists who are puzzled by a mail they have apparently received
from my address, as well as more than 25 "returned" mails that have
been rejected by various servers around the place.
I can inform you that I did not send the mail in question, and that it
was definitely not sent from an @haunstrup.dk address at all.
It is a typical virus mail, where the virus takes a random name as the
FROM: address. In this case even a constructed address that I have
never used myself (as.dk@haunstrup.dk).
It is apparently an Arne Sørensen who (presumably without knowing it
himself) has sent these virus mails.
If others should receive these mails, be aware that it is not just that
a virus has sent them - the virus has also sent itself along as an
attached file!
Delete them, and please refrain from "returning" them to my address.
--
Regards, A:\Feldborg
http://www.haunstrup.dk/feldborg/genealogi/opslag/
http://www.haunstrup.dk/feldborg/genealogi/download/
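
The two checks the newsletter describes (an attachment of exactly 50,688 bytes, and a Mailing List prepend on mail that carries an attachment) can be automated over saved messages. The following is an added example, not part of the newsletter or of either post; the function names, the bracket pattern used to recognise a prepend and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

BUGBEAR_ATTACHMENT_SIZE = 50_688  # bytes, the figure given in the newsletter
# Assumed prepend shape, modelled on the [SURNAME-L] example in the text.
LIST_PREPEND = re.compile(r"\[([A-Za-z0-9_-]+)\]")


def triage(raw: bytes, subscribed: set[str]) -> list[str]:
    """Return the reasons a raw message deserves suspicion (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    attachments = list(msg.iter_attachments())
    reasons = []
    for part in attachments:
        # Measure the decoded payload, not the base64 text on the wire.
        payload = part.get_payload(decode=True) or b""
        if len(payload) == BUGBEAR_ATTACHMENT_SIZE:
            reasons.append(f"attachment {part.get_filename()!r} is exactly 50,688 bytes")
    prepend = LIST_PREPEND.search(msg.get("Subject", ""))
    if prepend and attachments:
        if prepend.group(1) not in subscribed:
            reasons.append(f"prepend [{prepend.group(1)}] for a list you are not subscribed to")
        else:
            # Digests delivered as attachments are the exception the text notes.
            reasons.append(f"attachment on [{prepend.group(1)}] mail; the lists do not allow them")
    return reasons


def build_sample(subject: str, attachment_size: int) -> bytes:
    """Constructed test message: harmless zero bytes stand in for the attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Constructed sample body.")
    msg.add_attachment(bytes(attachment_size), maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample("[SURNAME-L] Re: family tree", 50_688)
    for reason in triage(raw, subscribed={"OTHER-L"}):
        print("SUSPICIOUS:", reason)
```

A size match is only a hint for a closer look, since an unrelated file can happen to have the same length and the FROM address, as the forwarded message shows, proves nothing about the sender.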