Just 2 let y'all know... there's some evil shit goin' down. Hope u avoid this one! Read on:



===
McAfee Security VIRUS ALERT
===

The W32/Bugbear@MM Worm is spreading - AVERT risk assessment is HIGH

===

The risk assessment of this threat has been raised to High due to the continuing increase in prevalence. McAfee's VirusScan ASaP subscribers are protected with the 4226 DAT, released 9/30/02. More information about W32/Bugbear@MM can be found on McAfee's Security HQ at http://hq.mcafeeasap.com/...s_k=99728.

WHAT IS IT?

This worm emails itself to addresses found on the local system. The virus code contains email subject strings and attachment names. However, the majority of samples received contain information not present in the virus, suggesting that there is a higher probability of the virus using words and filenames contained on the infected system.

This worm has the ability to spoof, or forge, the 'From:' field. Additionally the virus can use a fabricated from address, by taking the name before the "@" sign of one address, and the domain name after the "@" sign of another address. (ie. name1@domain1.com + name2@domain2.com = name1@domain2.com).

It is common for the attachment name to contain a double-extension (ie. .doc.pif). Outgoing messages look to make use of the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability (MS01-020) in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2).

This virus is written in MSVC and packed with UPX. It spreads via network shares and by emailing itself. It also contains a backdoor trojan component that contains keylogging functionality.

SYMPTOMS

· Port 36794 open
· Existence of the following files (* represents any character):
o %WinDir%\System\***.EXE (50,688 or 50,684 bytes)
o %WinDir%\***.DAT
o %WinDir%\***.DAT
o %WinDir%\System\***.DLL
o %WinDir%\System\***.DLL
o %WinDir%\System\***.DLL
· Large Print jobs sent to network printer.

Sincerely,

McAfee Security

Network Associates, McAfee and VirusScan are registered trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. All other registered or unregistered trademarks in this document are the sole property of their respective owners.

© 2002 Networks Associates Technology, Inc. All rights reserved.

Much love,

Can I get it from posting to this thread?

Not if u wear a condom while reading this thread!

i got 2 emails already today infected with this virus.Luckily I'm behind a firewall here at work,cause it deleted the files before I could open them.
Let's be careful out there...

Everyone should read this and heed it's warning.

Beware the geeks, they'll get u everytime!

Sheesh don't sweat it, just another lame worm on the loose. Get yourselves a decent virus checker and keep it up to date. Or, don't use use Windows / Outlook / Internet Explorer.

I'm still getting people sending me Klez, Yaha and Sircam on a daily basis