Clusterheadaches.com Message Board
        (http://www.clusterheadaches.com/cgi-bin/yabb/YaBB.cgi)
      

        New Message Board Archives >> 2002 Posts >> SECURITY ALERT!!!!!!!!!!!!!
        
(Message started by: Svenn on Oct 1st, 2002, 3:12pm)
Title: SECURITY ALERT!!!!!!!!!!!!!
Post by Svenn on Oct 1st, 2002, 3:12pm
SECURITY ALERT
***************************************************

NYHETER

W32.BUGBEAR@MM
Due to an increased rate of submissions, Symantec Security Response has upgraded W32.Bugbear@mm to a Category 3 threat.

W32.Bugbear@mm is a mass-mailing worm. It can also spread through Network shares. It has backdoor capabilities. The worm will also attempt to terminate the processes of various antivirus and firewall programs.

The subject, message and attachment name of the email appears to be taken from the infected system. The attachment file has two extensions, the second extension is .scr, .pif, or .exe.

For more information please see http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html




W32.OPASERV.WORM
Due to an increased rate of submissions, Symantec Security Response has upgraded W32.Opaserv.Worm to a Category 3 threat.

W32.Opaserv.Worm is a network-aware worm which attempts to replicate across open shares. The worm specifically targets \\machinename\c shares. This worm also attempts to download updates from www.opasoft.com, although the site may have already been shut down. Indicators of infection include:

The existence of scrsin.dat and scrsout.dat in the root directory of the c: drive indicating a local infection (worm was executed on the local machine) The existence of tmp.ini in the root directory of the c: drive indicating a remote infection (infected by a remote host) HKLM\Software\Microsoft\Windows\Current Version\Run contains a string value named ScrSvr or ScrSvrOld which is set to "c:\tmp.ini"

For additional information, please see http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html






********************************************
www.symantec.no

Got this message from Symantec by e-mail 5 minutes ago

Svenn
Title: Re: SECURITY ALERT!!!!!!!!!!!!!
Post by Charlie on Oct 1st, 2002, 5:58pm
Thanks Svenn:

Got one I think is a fraud that asked be to insert a "fix" in my files. Somehow that seemed not a good idea. I found it listed as fraudulent at Symantic.

Man, sure you're not posting in Norwegian?  whew

Charlie
Title: Re: SECURITY ALERT!!!!!!!!!!!!!
Post by Svenn on Oct 4th, 2002, 4:10am
W32.Bugbear@mm  
Discovered on: September 30, 2002
Last Updated on: October 3, 2002 05:13:22 PM PDT


   

   


NOTE: Due to an increased rate of submissions, Symantec Security Response has upgraded this threat from a Category 3 to a Category 4 as of October 2, 2002.

W32.Bugbear@mm  
Discovered on: September 30, 2002
Last Updated on: October 3, 2002 05:13:22 PM PDT
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html

   

   
Title: Re: SECURITY ALERT!!!!!!!!!!!!!
Post by Ree on Oct 4th, 2002, 7:16am
thanks Svenn... and have a great PF day... ree
Title: Re: SECURITY ALERT!!!!!!!!!!!!!
Post by Svenn on Oct 5th, 2002, 4:18am


W32.Bugbear@mm Removal Tool

http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.removal.tool.html

Here is something that might help those who are infected


Clusterheadaches.com Message Board » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB © 2000-2003. All Rights Reserved.