Make a Donation

Consider making a donation to support SHAKSPER.

Subscribe to Our Feeds

Current Postings RSS

Announcements RSS

Home :: Archive :: 2003 :: April ::
Re: Virus
The Shakespeare Conference: SHK 14.0679  Tuesday, 8 April 2003

From:           Robin Hamilton <
 This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 >
Date:           Monday, 7 Apr 2003 15:50:57 +0100
Subject: 14.0666 Virus
Comment:        Re: SHK 14.0666 Virus

Hardy said (quite rightly):

>Once again I had nothing to do with this and in this case SHAKSPER's
>listserv software did NOT send out the messages.

Indeed.

"The worm can pick up old e-mail messages from an infected system and
send them to random e-mail addresses. In addition, the worm gathers
e-mail addresses from the infected computer's hard drive and uses them
to forge the sender (the "From:" line) of the e-mail. So, the recipients
of email with Bugbear-infected attachments seem to get it from someone
who was not the actual sender (and is not the real Bugbear victim)."

http://www.europe.f-secure.com/bugbear/

What it comes down to is, that someone on SHAKSPER is infected with the
Bugbear virus, but this is transmitting independently of the list.

>I can only repeat that anyone who uses e-mail should never open
>attachments and simply delete anything that looks in the least bit
>suspicious.

Actually, it's worse than that:

"Bugbear is a Windows mass mailer, spreading itself in infected e-mail
attachments, sometimes executing the attachment automatically"

-- so that you don't even +need+ to open the Attachment to get infected.
All you need to do is open the email itself, and OE sometimes does this
automatically.

(I should know -- I NEVER open Attachments, but I still got hit.)

To check to see if you have the virus:

http://security.symantec.com/ssc/home.asp?langid=ie&venid=sym&plfid=20&pkj=U
SBFPWFYJOKMFIDPMSV

-- click on "Scan for Viruses"

If you turn out to have the virus, go here for the Symantec
Bugbear-buster:

http://securityresponse.symantec.com/avcenter/venc/data/
 This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 

Oddly, this is a blast from the past -- the current threat-rating of
Bugbear is "Low".

But I'd urge everyone on the list to run the Symantec check -- it's
easy, and doesn't take too long.

I don't +think+ I passed it on -- there was maybe a half-hour window
between when I received the email on Saturday night and realised that I
might have been infected by a rogue pseudo-SHAKSPER post, to my killing
the virus.  I don't think that would have been enough time for Bugbear
to get to my own Address Book and replicate itself.

But better safe than sorry, so check, people.

Robin Hamilton

_______________________________________________________________
S H A K S P E R: The Global Shakespeare Discussion List
Hardy M. Cook, 
 This e-mail address is being protected from spambots. You need JavaScript enabled to view it
 
The S H A K S P E R Web Site <http://www.shaksper.net>

DISCLAIMER: Although SHAKSPER is a moderated discussion list, the
opinions expressed on it are the sole property of the poster, and the
editor assumes no responsibility for them.
 

Other Messages In This Thread

©2011 Hardy Cook. All rights reserved.