Ross or others in OZ,
Help! Do any of you have a correct e-mail address for Liz Knight or Bentley
Lodge Goulburn. My reply to
goscory@smh.com.au, the e-mail address given in
the original message, was returned as "Undeliverable: User Unknown." If you
do, please forward this correspondence directly to them. Thanks!
Apologies to those on this list who are unaffected, who didn't receive the
original message or the virus, who don't care, or who are irritated at the
bandwidth this correspondence is using. I hope you all know I am just
trying to be helpful by alerting everyone of a potential awful problem.
Thanks to all of you for your patience and understanding.
Larry
-----Original Message-----
From: Larry Pate [mailto:
larry@pate.org]
Sent: Friday, June 06, 2003 5:59 PM
To:
goscory@smh.com.au;
Mg-Tabc@Yahoogroups.Com
Subject: FW: [mg-tabc] VIRUS ALERT
To: Liz Knight, Bentley Lodge Goulburn,
mg-tabc@yahoo.com list members
You may be unaware that I and several other people on the
mg-tabc@yahoo.com
mailing list (and perhaps others too) inadvertently received a message you
sent today to "Lesley" as a result of a computer virus that has apparently
infected your system just in the last two days. Please see correspondence
below. One of the people on the list has identified the virus you sent as
the "Bug Bear" virus. I checked Symantec Security Response's web site and
learned that the new W32.Bugbear.B@mm worm was first discovered on 4 June
2003, just two days ago. Information on this virus is available at the
following site:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.htm
l
Symantec says the new W32.Bugbear.B@mm worm is:
"A variant of W32.Bugbear@mm.
A mass-mailing worm that also spreads through network shares.
Polymorphic and also infects a select list of executable files.
Possesses keystroke-logging and Backdoor capabilities.
Attempts to terminate the processes of various antivirus and firewall
programs."
"The worm uses the Incorrect MIME Header Can Cause IE to Execute E-mail
Attachment (see
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-020.asp) vulnerability to cause unpatched systems to
auto-execute the worm when reading or previewing an infected message."
"Because the worm does not properly handle the network resource types, it
may flood shared printer resources, which causes them to print garbage or
disrupt their normal functionality."
"Symantec Security Response has created a tool
(
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear.b@mm.re
moval.tool.html) to remove W32.Bugbear.B@mm, which is the easiest way to
remove this threat."
Therefore,
PLEASE TURN OFF YOUR COMPUTER AND HAVE IT THOROUGHLY CHECKED BEFORE YOU SEND
ANY MORE MESSAGES. YOU COULD BE TRANSMITTING VERY PERSONAL AND PRIVATE
INFORMATION TO UNKNOWN SOURCES. YOU COULD ALSO BE SPREADING THE VIRUS TO
OTHERS IF THEY OPEN THE ATTACHMENT SENT AS A RESULT OF THE VIRUS.
Finally, on a personal note, I once had a computer that was infected with
the equally nasty MAGISTR virus and it was a nightmare for me when I learned
of the sensitive information that the virus was causing to be sent without
my knowledge to random names in my address book.
Good luck!
Larry Pate
-----Original Message-----
From: ssuklis [mailto:
ssp15@attbi.com]
Sent: Friday, June 06, 2003 5:07 PM
To:
mg-tabc@yahoogroups.com; Larry Pate
Cc:
Richard.F.Lange@Boeing.com
Subject: Re: [mg-tabc] VIRUS ALERT
Larry:
I got it too.....twice today. You're right. Norton Antivirus says it's the
"Bug bear" virus. Nasty.
Best,
Sam
-----Original Message-----
From: Larry Pate [mailto:
larry@pate.org]
Sent: Friday, June 06, 2003 4:32 PM
To:
mg-tabc@yahoogroups.com
Cc:
Richard.F.Lange@Boeing.com
Subject: [mg-tabc] VIRUS ALERT
Dear Friends,
Some of you may have received the same bizarre e-mail message that I
received (see below) from "Bentley Lodge Goulburn "
regarding the booking of a TC for some "Classic Experience" package. The
message probably would have been sent to you directly, as mine was, not
through
mg-tabc@yahoogroups.com. If so, and if you find it contains an
attachment, DO NOT OPEN THE ATTACHMENT. The attachment to the message I
received contained a .scr file that was infected with a virus. I do not
know the sender, have never communicated with them, have never even heard of
this service they say they are offering, and my name isn't "Lesley," the
person the message was purportedly directed to. The business may be
legitimate; it may not be. However, the important point is that the message
may contain an executable or filtered attachment that, if opened, could
corrupt your computer and cause you to unknowingly infect others with the
virus. The sender may not even be aware of the virus, particularly if it is
one of the more nasty viruses, like KLEZ or MAGISTR. In any case, I wanted
to alert all of you to the potential problem since it is reasonable to have
come from someone associated with this list. I have pasted the message
below with full header information (without the attachment, of course) for
those who have more computer knowledge and savy than I have.
Best,
Larry
Return-Path:
Received: from mta04.mail.mel.aone.net.au ([203.2.192.84] verified)
by vel.net (CommuniGate Pro SMTP 4.0.6)
with ESMTP id 15001009 for
larry@pate.org; Fri, 06 Jun 2003 00:50:16 -0700
Received: from [210.84.50.250] by mta04.mail.mel.aone.net.au with SMTP
id
;
Fri, 6 Jun 2003 17:49:32 +1000
From: "Bentley Lodge Goulburn"
Subject: Re: InterBed Booking Enquiry for Bentley Lodge
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------N0HBY0980CXR2M"
Message-Id:
Date: Fri, 6 Jun 2003 17:50:03 +1000
Hi Lesley
We have availability for that date. The MGTC is already booked for that
day, so we only have the Mercedex and the Lotus 7 available. Please advise
asap if you require either of these vehicles.
Check in for the "Classic Experience" package is 10:30 am Saturday, using
the vehicle that day, dinner, accommodation overnight and breakfast the
following morning. Check out is at 10:00 am Sunday.
Please advise your requirements.
Regards
liz Knight
----- Original Message -----
F