BugBear Virus: IP Cleariong House 
Author Message
 BugBear Virus: IP Cleariong House

Hi,

    First: If you discover you were unfortunate enough to have
contracted a virus that has attacked people on the newsgroups, please
post to let us know.

    Just a suggestion: Anyone who has been attacked by the BugBear virus

with newsgroup related text, please put header information for the first

source here ("lowest" "received from" information). At least that should

tell us which mail server it's coming from. Below is one of the BugBears

that happened to have my name attached to it (received by Larry Sand).

Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119])
        by velli.mail.jippii.net (Postfix) with SMTP
        id E4E6B83362; Wed,  6 Nov 2002 21:42:52 +0200 (EET)

... Just a few notes: It came from EET, which runs from the western part

of Africa, through Israel and parts of Russia. The admin. info for this
IP is:

Juha Kamppi
Wireless Network Services WNS OY
Annankatu 44
FIN-00100 Helsinki
Finland
phone: +358 45 6700232
fax: +358 9 43982563

... Techincal contact info:

Jari-Petteri Levo
Jippii Group Oyj
Annankatu 44 third floor
FIN-00100 Helsinki
FI
phone: +358 45 6700 622
fax: +358 9 4398 2509

SUGGESTION: Do not contact the above people until we know several
attacks came from them. Note: I don't know if BugBear can SPOOF an IP or

not. If it can't, then when we are sure it is originating from there, we

should notify the above with as much info as possible about the specific

emails involved. Hopefully, that'll give them enough information to
notify their user.

    Regards,

    kurtt

    Kurt Pawlikowski
    The Pinrod Corporation

    (773) 284-9500
    http://www.*-*-*.com/



Fri, 29 Apr 2005 03:55:51 GMT  
 BugBear Virus: IP Cleariong House
Note: The EET zone runs up the EASTERN side of Africa...

    Regards,

    kurtt

    Kurt Pawlikowski
    The Pinrod Corporation

    (773) 284-9500
    http://pinrod.com



Fri, 29 Apr 2005 04:00:02 GMT  
 BugBear Virus: IP Cleariong House
I just got one but deleted it without looking at it and ran norton's
fixbgbear.exe to clean every thing.
jim kane


Quote:
> Hi,

>     First: If you discover you were unfortunate enough to have
> contracted a virus that has attacked people on the newsgroups, please
> post to let us know.

>     Just a suggestion: Anyone who has been attacked by the BugBear virus

> with newsgroup related text, please put header information for the first

> source here ("lowest" "received from" information). At least that should

> tell us which mail server it's coming from. Below is one of the BugBears

> that happened to have my name attached to it (received by Larry Sand).

> Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119])
>         by velli.mail.jippii.net (Postfix) with SMTP
>         id E4E6B83362; Wed,  6 Nov 2002 21:42:52 +0200 (EET)

> ... Just a few notes: It came from EET, which runs from the western part

> of Africa, through Israel and parts of Russia. The admin. info for this
> IP is:

> Juha Kamppi
> Wireless Network Services WNS OY
> Annankatu 44
> FIN-00100 Helsinki
> Finland
> phone: +358 45 6700232
> fax: +358 9 43982563

> ... Techincal contact info:

> Jari-Petteri Levo
> Jippii Group Oyj
> Annankatu 44 third floor
> FIN-00100 Helsinki
> FI
> phone: +358 45 6700 622
> fax: +358 9 4398 2509

> SUGGESTION: Do not contact the above people until we know several
> attacks came from them. Note: I don't know if BugBear can SPOOF an IP or

> not. If it can't, then when we are sure it is originating from there, we

> should notify the above with as much info as possible about the specific

> emails involved. Hopefully, that'll give them enough information to
> notify their user.

>     Regards,

>     kurtt

>     Kurt Pawlikowski
>     The Pinrod Corporation

>     (773) 284-9500
>     http://pinrod.com



Fri, 29 Apr 2005 11:04:51 GMT  
 BugBear Virus: IP Cleariong House
I received 2

A:
From:  XXXXXXXXXXXXXXX(I Have omited this)
Subject: Re: help with locator I'm a cw5 novice user
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------H4RVJMF6TVE004"

Date: Sat,  9 Nov 2002 21:59:19 +0200
To: undisclosed-recipients:;

B:
From: XXXXXXXXXXXXXX(I Have omited this)
Subject: Re: Multilanguage App
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----------NPVG1PFVOCUKB0R"

Bcc:
Date: Sat, 09 Nov 2002 12:40:05 -0800


Quote:
> Hi,

>     First: If you discover you were unfortunate enough to have
> contracted a virus that has attacked people on the newsgroups, please
> post to let us know.

>     Just a suggestion: Anyone who has been attacked by the BugBear virus

> with newsgroup related text, please put header information for the first

> source here ("lowest" "received from" information). At least that should

> tell us which mail server it's coming from. Below is one of the BugBears

> that happened to have my name attached to it (received by Larry Sand).

> Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119])
>         by velli.mail.jippii.net (Postfix) with SMTP
>         id E4E6B83362; Wed,  6 Nov 2002 21:42:52 +0200 (EET)

> ... Just a few notes: It came from EET, which runs from the western part

> of Africa, through Israel and parts of Russia. The admin. info for this
> IP is:

> Juha Kamppi
> Wireless Network Services WNS OY
> Annankatu 44
> FIN-00100 Helsinki
> Finland
> phone: +358 45 6700232
> fax: +358 9 43982563

> ... Techincal contact info:

> Jari-Petteri Levo
> Jippii Group Oyj
> Annankatu 44 third floor
> FIN-00100 Helsinki
> FI
> phone: +358 45 6700 622
> fax: +358 9 4398 2509

> SUGGESTION: Do not contact the above people until we know several
> attacks came from them. Note: I don't know if BugBear can SPOOF an IP or

> not. If it can't, then when we are sure it is originating from there, we

> should notify the above with as much info as possible about the specific

> emails involved. Hopefully, that'll give them enough information to
> notify their user.

>     Regards,

>     kurtt

>     Kurt Pawlikowski
>     The Pinrod Corporation

>     (773) 284-9500
>     http://pinrod.com



Fri, 29 Apr 2005 15:35:46 GMT  
 BugBear Virus: IP Cleariong House
I also received the Multi-language App email but deleted it before I saw
this thread.  I tried to trace the sender from the email header but the
address was no good.

Can bugbear scavenge email addresses from an infected computer's newsgroup
files?

Brad Kunkel
www.ibisoftware.com


Quote:
> I received 2

> A:
> From:  XXXXXXXXXXXXXXX(I Have omited this)
> Subject: Re: help with locator I'm a cw5 novice user
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="----------H4RVJMF6TVE004"

> Date: Sat,  9 Nov 2002 21:59:19 +0200
> To: undisclosed-recipients:;

> B:
> From: XXXXXXXXXXXXXX(I Have omited this)
> Subject: Re: Multilanguage App
> MIME-Version: 1.0
> Content-Type: multipart/alternative; boundary="----------NPVG1PFVOCUKB0R"

> Bcc:
> Date: Sat, 09 Nov 2002 12:40:05 -0800



> > Hi,

> >     First: If you discover you were unfortunate enough to have
> > contracted a virus that has attacked people on the newsgroups, please
> > post to let us know.

> >     Just a suggestion: Anyone who has been attacked by the BugBear virus

> > with newsgroup related text, please put header information for the first

> > source here ("lowest" "received from" information). At least that should

> > tell us which mail server it's coming from. Below is one of the BugBears

> > that happened to have my name attached to it (received by Larry Sand).

> > Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119])
> >         by velli.mail.jippii.net (Postfix) with SMTP
> >         id E4E6B83362; Wed,  6 Nov 2002 21:42:52 +0200 (EET)

> > ... Just a few notes: It came from EET, which runs from the western part

> > of Africa, through Israel and parts of Russia. The admin. info for this
> > IP is:

> > Juha Kamppi
> > Wireless Network Services WNS OY
> > Annankatu 44
> > FIN-00100 Helsinki
> > Finland
> > phone: +358 45 6700232
> > fax: +358 9 43982563

> > ... Techincal contact info:

> > Jari-Petteri Levo
> > Jippii Group Oyj
> > Annankatu 44 third floor
> > FIN-00100 Helsinki
> > FI
> > phone: +358 45 6700 622
> > fax: +358 9 4398 2509

> > SUGGESTION: Do not contact the above people until we know several
> > attacks came from them. Note: I don't know if BugBear can SPOOF an IP or

> > not. If it can't, then when we are sure it is originating from there, we

> > should notify the above with as much info as possible about the specific

> > emails involved. Hopefully, that'll give them enough information to
> > notify their user.

> >     Regards,

> >     kurtt

> >     Kurt Pawlikowski
> >     The Pinrod Corporation

> >     (773) 284-9500
> >     http://pinrod.com



Sat, 30 Apr 2005 01:23:00 GMT  
 BugBear Virus: IP Cleariong House
Brad,

    Donno. But, I wouldn't be surprised if there was a variant that could.

    Regards,

    kurtt

    Kurt Pawlikowski
    The Pinrod Corporation

    (773) 284-9500
    http://pinrod.com

Quote:

> I also received the Multi-language App email but deleted it before I saw
> this thread.  I tried to trace the sender from the email header but the
> address was no good.

> Can bugbear scavenge email addresses from an infected computer's newsgroup
> files?

> Brad Kunkel
> www.ibisoftware.com



> > I received 2

> > A:
> > From:  XXXXXXXXXXXXXXX(I Have omited this)
> > Subject: Re: help with locator I'm a cw5 novice user
> > MIME-Version: 1.0
> > Content-Type: multipart/mixed; boundary="----------H4RVJMF6TVE004"

> > Date: Sat,  9 Nov 2002 21:59:19 +0200
> > To: undisclosed-recipients:;

> > B:
> > From: XXXXXXXXXXXXXX(I Have omited this)
> > Subject: Re: Multilanguage App
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative; boundary="----------NPVG1PFVOCUKB0R"

> > Bcc:
> > Date: Sat, 09 Nov 2002 12:40:05 -0800



> > > Hi,

> > >     First: If you discover you were unfortunate enough to have
> > > contracted a virus that has attacked people on the newsgroups, please
> > > post to let us know.

> > >     Just a suggestion: Anyone who has been attacked by the BugBear virus

> > > with newsgroup related text, please put header information for the first

> > > source here ("lowest" "received from" information). At least that should

> > > tell us which mail server it's coming from. Below is one of the BugBears

> > > that happened to have my name attached to it (received by Larry Sand).

> > > Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119])
> > >         by velli.mail.jippii.net (Postfix) with SMTP
> > >         id E4E6B83362; Wed,  6 Nov 2002 21:42:52 +0200 (EET)

> > > ... Just a few notes: It came from EET, which runs from the western part

> > > of Africa, through Israel and parts of Russia. The admin. info for this
> > > IP is:

> > > Juha Kamppi
> > > Wireless Network Services WNS OY
> > > Annankatu 44
> > > FIN-00100 Helsinki
> > > Finland
> > > phone: +358 45 6700232
> > > fax: +358 9 43982563

> > > ... Techincal contact info:

> > > Jari-Petteri Levo
> > > Jippii Group Oyj
> > > Annankatu 44 third floor
> > > FIN-00100 Helsinki
> > > FI
> > > phone: +358 45 6700 622
> > > fax: +358 9 4398 2509

> > > SUGGESTION: Do not contact the above people until we know several
> > > attacks came from them. Note: I don't know if BugBear can SPOOF an IP or

> > > not. If it can't, then when we are sure it is originating from there, we

> > > should notify the above with as much info as possible about the specific

> > > emails involved. Hopefully, that'll give them enough information to
> > > notify their user.

> > >     Regards,

> > >     kurtt

> > >     Kurt Pawlikowski
> > >     The Pinrod Corporation

> > >     (773) 284-9500
> > >     http://pinrod.com



Sat, 30 Apr 2005 01:28:54 GMT  
 
 [ 9 post ] 

 Relevant Pages 

1. just recieved a new virus W32/Bugbear@MM Virus Found

2. For Jeremy Suiter: Received W32.Bugbear virus from you

3. BugBear virus

4. bugbear virus hoax

5. BugBear Virus/ISDN Configuration Wizard

6. help to delete w32/bugbear and trjan virus

7. VIRUS VIRUS VIRUS

8. ip vers nom et nom vers ip

9. IP v6 instead of IP v4??

10. Anyway to get the server ip address not the browser ip address

11. Worm/Bugbear

12. Bugbear & printer queues

 

 
Powered by phpBB® Forum Software