Olympus-OM
[Top] [All Lists]

[OM] Worm Warning For List and "Rich" <zuiko@xxxxxxxxxxxxxx>

Subject: [OM] Worm Warning For List and "Rich" <zuiko@xxxxxxxxxxxxxx>
From: "John A. Lind" <jlind@xxxxxxxxxxxx>
Date: Wed, 09 Oct 2002 21:42:14 -0500
Cc: "Rich" <zuiko@xxxxxxxxxxxxxx>
Rich,
Check your computer out very thoroughly! I just received an email containing the "BugBear" worm with the following headers and text body:

Received: from maynard.mail.mindspring.net [207.69.200.243] by apollo.spitfire.net with ESMTP
  (SMTPD32-6.06) id A19353800298; Wed, 09 Oct 2002 20:02:11 -0500
Received: from user-37kbat9.dialup.mindspring.com ([207.69.171.169] helo=redrock01)
        by maynard.mail.mindspring.net with smtp (Exim 3.33 #1)
        id 17zRjU-0007Nw-00; Wed, 09 Oct 2002 21:03:21 -0400
From:  "om@xxxxxxxxxxxxxxxx" <om@xxxxxxxxxx>
Subject:  Re: [OM] Fill-in Flash with Olympus Flashguns
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------9DD4X6RFIF3WOV"
Message-Id: <E17zRjU-0007Nw-00@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 09 Oct 2002 21:03:21 -0400
X-RCPT-TO: <jlind@xxxxxxxxxxxx>
X-UIDL: 326613824
Status: U


I was very impressed with Thomas' chart, but I'm in Joel's camp on this
one=2E  I just stick my F280 on an OM-4t, slap it on SuperFP and shoot lik=
e
the photojournalists do=2E  It does a great job at tidy-ing up the shadows=
=2E=20
It's use was the primary reason I sold my OM4 and bought another OM4t=2E=20=


It's a very nice pr

I know it's not from Skip Williams; the mail server (maynard.mindspring.com) doesn't match his emails, but it does match yours. Given the subject line and content, it *must* be someone on this list, and you're the most likely candidate after a search of list email headers for the mail server name.

The BugBear is a very, very recent and particuarly nasty worm. It will block numerous virus scanning software from detecting it. See the following from AVERT's Virus Information Library for information related to BugBear:
  http://vil.nai.com/vil/content/v_99728.htm

Because of the AV software blocking this worm performs, McAfee has a separate utility to search for it on suspect machines called "Stinger" which is also available from AVERT:
  http://vil.nai.com/vil/stinger/

Posting this to the list as there is some possibility it may not be your machine, but likelihood it's someone on the list is about as close to 100% as it can get.

To all list members:
If you're running a "PC" with Windows, update your AV software to the most current AV "engine" and "data" files. This thing was discovered 30 September 2002! It's been "in the wild" for barely more than a week and is running rampant.

-- John


< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >


<Prev in Thread] Current Thread [Next in Thread>
Sponsored by Tako
Impressum | Datenschutz