New Virus Information
Oct 4, 2002

Dear friends,
A new virus has appeared the last few days and seems to be spreading very
rapidly. It is apparently a variation of the "Klez" viruses that started
circulating last spring. I personally have received over 30 messages
containing this virus in the past four days. That quantity no doubt reflects
the fact that I have a pretty high public presence on the Net and am in lots
of people's address lists; but it suggests that the virus is widespread and
that many of you are also likely to receive it.

Like the previous Klez viruses, this virus can take advantage of a glitch in
old Windows systems to automatically open itself onto your computer. So if
you haven't updated your Windows 98, the usual advice -- "Do not open
strange email attachments" -- is not sufficient.

I recommend that you subscribe to some anti-virus program, such as Norton,
Symantec, or McAfee. I subscribe to McAfee's "VirusScan Online." It costs
$30/year and is quite convenient since it updates itself automatically every
few days (which is essential: an anti-virus program that is even a week out
of date will not catch this current virus, for example, because it was just
discovered a few days ago). I don't subscribe to McAfee's other programs
(firewall, anti-spam, etc.), but the virus risk is a serious one. Without an
anti-virus program you're almost bound to get a virus sooner or later. At
best it's a hassle (you have to debug your computer and then send out
warnings and apologies to everyone on your list); at worst, it could damage
or destroy your files.

As most of you are aware, two of the telltale signs of a virus hoax are that
it is not dated (and hence can continue circulating indefinitely) and that
it contains no reliable references to verify it. For verification of this
message, please see the notice below, sent to me today (Oct. 3) by McAfee.
You can go to their site for information on the virus. You can subscribe to
VirusScan Online by clicking the link at the bottom. For more general news
on this virus (referred to as "Bugbear"), see this article from ZDNet
Technology News: http://zdnet.com.com/2100-1105-960696.html

Two additional notes: I've noticed that the virus-containing messages are
almost invariably 70K or 71K in size. So if you use a web-based email system
that shows the size, you can delete such messages before downloading them.

Note also: Among other deviousnesses, the virus tends to falsify the return
address. So do not assume that a virus message seemingly sent from a certain
address means that the computer at that address is infected. That address
may simply have been gleaned from a computer that is infected.

** VIRUS ALERT - W32/Bugbear@MM **
** HIGH RISK **
McAfee.com has seen a large and growing number of computers
infected with W32/Bugbear@MM virus. The risk assessment has
been UPDATED TO HIGH for home and corporate users. Users
should update their anti-virus software as soon as possible.

W32/Bugbear@MM is a mass-mailing worm that attempts to send
itself to email addresses found on an infected system. It
also spreads through open network shares and has the ability
to send print jobs to printers found on an infected network.

The "from" field, subject line, message body, and attachment
all vary widely and may appear to be legitimate email.

The virus will attempt to disable various security products,
including anti-virus and personal firewall software.

It will also try to install a backdoor trojan that can capture
what the user types, including sensitive information such as
passwords. The trojan will also allow a hacker to upload
files from the infected system, download files onto the system,
run executable files and stop processes from running.

HOW TO GET MORE INFORMATION
McAfee.com will continue to update you on the latest details
of the W32/Bugbear@MM virus, click here for more information:
Protect your PC against Viruses. Buy VirusScan Online for