Clarion, BugBear Virus: IP Cleariong House

BugBear Virus: IP Cleariong House

Author	Message
Kurt Pawlikowsk #1 / 9	BugBear Virus: IP Cleariong House Hi, First: If you discover you were unfortunate enough to have contracted a virus that has attacked people on the newsgroups, please post to let us know. Just a suggestion: Anyone who has been attacked by the BugBear virus with newsgroup related text, please put header information for the first source here ("lowest" "received from" information). At least that should tell us which mail server it's coming from. Below is one of the BugBears that happened to have my name attached to it (received by Larry Sand). Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119]) by velli.mail.jippii.net (Postfix) with SMTP id E4E6B83362; Wed, 6 Nov 2002 21:42:52 +0200 (EET) ... Just a few notes: It came from EET, which runs from the western part of Africa, through Israel and parts of Russia. The admin. info for this IP is: Juha Kamppi Wireless Network Services WNS OY Annankatu 44 FIN-00100 Helsinki Finland phone: +358 45 6700232 fax: +358 9 43982563 ... Techincal contact info: Jari-Petteri Levo Jippii Group Oyj Annankatu 44 third floor FIN-00100 Helsinki FI phone: +358 45 6700 622 fax: +358 9 4398 2509 SUGGESTION: Do not contact the above people until we know several attacks came from them. Note: I don't know if BugBear can SPOOF an IP or not. If it can't, then when we are sure it is originating from there, we should notify the above with as much info as possible about the specific emails involved. Hopefully, that'll give them enough information to notify their user. Regards, kurtt Kurt Pawlikowski The Pinrod Corporation (773) 284-9500 http://www.--*.com/
Fri, 29 Apr 2005 03:55:51 GMT

Kurt Pawlikowsk #2 / 9	BugBear Virus: IP Cleariong House Note: The EET zone runs up the EASTERN side of Africa... Regards, kurtt Kurt Pawlikowski The Pinrod Corporation (773) 284-9500 http://pinrod.com
Fri, 29 Apr 2005 04:00:02 GMT

jim kan #3 / 9	BugBear Virus: IP Cleariong House I just got one but deleted it without looking at it and ran norton's fixbgbear.exe to clean every thing. jim kane Quote: > Hi, > First: If you discover you were unfortunate enough to have > contracted a virus that has attacked people on the newsgroups, please > post to let us know. > Just a suggestion: Anyone who has been attacked by the BugBear virus > with newsgroup related text, please put header information for the first > source here ("lowest" "received from" information). At least that should > tell us which mail server it's coming from. Below is one of the BugBears > that happened to have my name attached to it (received by Larry Sand). > Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119]) > by velli.mail.jippii.net (Postfix) with SMTP > id E4E6B83362; Wed, 6 Nov 2002 21:42:52 +0200 (EET) > ... Just a few notes: It came from EET, which runs from the western part > of Africa, through Israel and parts of Russia. The admin. info for this > IP is: > Juha Kamppi > Wireless Network Services WNS OY > Annankatu 44 > FIN-00100 Helsinki > Finland > phone: +358 45 6700232 > fax: +358 9 43982563 > ... Techincal contact info: > Jari-Petteri Levo > Jippii Group Oyj > Annankatu 44 third floor > FIN-00100 Helsinki > FI > phone: +358 45 6700 622 > fax: +358 9 4398 2509 > SUGGESTION: Do not contact the above people until we know several > attacks came from them. Note: I don't know if BugBear can SPOOF an IP or > not. If it can't, then when we are sure it is originating from there, we > should notify the above with as much info as possible about the specific > emails involved. Hopefully, that'll give them enough information to > notify their user. > Regards, > kurtt > Kurt Pawlikowski > The Pinrod Corporation > (773) 284-9500 > http://pinrod.com
Fri, 29 Apr 2005 11:04:51 GMT

sam #4 / 9	BugBear Virus: IP Cleariong House I received 2 A: From: XXXXXXXXXXXXXXX(I Have omited this) Subject: Re: help with locator I'm a cw5 novice user MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------H4RVJMF6TVE004" Date: Sat, 9 Nov 2002 21:59:19 +0200 To: undisclosed-recipients:; B: From: XXXXXXXXXXXXXX(I Have omited this) Subject: Re: Multilanguage App MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----------NPVG1PFVOCUKB0R" Bcc: Date: Sat, 09 Nov 2002 12:40:05 -0800 Quote: > Hi, > First: If you discover you were unfortunate enough to have > contracted a virus that has attacked people on the newsgroups, please > post to let us know. > Just a suggestion: Anyone who has been attacked by the BugBear virus > with newsgroup related text, please put header information for the first > source here ("lowest" "received from" information). At least that should > tell us which mail server it's coming from. Below is one of the BugBears > that happened to have my name attached to it (received by Larry Sand). > Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119]) > by velli.mail.jippii.net (Postfix) with SMTP > id E4E6B83362; Wed, 6 Nov 2002 21:42:52 +0200 (EET) > ... Just a few notes: It came from EET, which runs from the western part > of Africa, through Israel and parts of Russia. The admin. info for this > IP is: > Juha Kamppi > Wireless Network Services WNS OY > Annankatu 44 > FIN-00100 Helsinki > Finland > phone: +358 45 6700232 > fax: +358 9 43982563 > ... Techincal contact info: > Jari-Petteri Levo > Jippii Group Oyj > Annankatu 44 third floor > FIN-00100 Helsinki > FI > phone: +358 45 6700 622 > fax: +358 9 4398 2509 > SUGGESTION: Do not contact the above people until we know several > attacks came from them. Note: I don't know if BugBear can SPOOF an IP or > not. If it can't, then when we are sure it is originating from there, we > should notify the above with as much info as possible about the specific > emails involved. Hopefully, that'll give them enough information to > notify their user. > Regards, > kurtt > Kurt Pawlikowski > The Pinrod Corporation > (773) 284-9500 > http://pinrod.com
Fri, 29 Apr 2005 15:35:46 GMT

Brad Kunke #5 / 9	BugBear Virus: IP Cleariong House I also received the Multi-language App email but deleted it before I saw this thread. I tried to trace the sender from the email header but the address was no good. Can bugbear scavenge email addresses from an infected computer's newsgroup files? Brad Kunkel www.ibisoftware.com Quote: > I received 2 > A: > From: XXXXXXXXXXXXXXX(I Have omited this) > Subject: Re: help with locator I'm a cw5 novice user > MIME-Version: 1.0 > Content-Type: multipart/mixed; boundary="----------H4RVJMF6TVE004" > Date: Sat, 9 Nov 2002 21:59:19 +0200 > To: undisclosed-recipients:; > B: > From: XXXXXXXXXXXXXX(I Have omited this) > Subject: Re: Multilanguage App > MIME-Version: 1.0 > Content-Type: multipart/alternative; boundary="----------NPVG1PFVOCUKB0R" > Bcc: > Date: Sat, 09 Nov 2002 12:40:05 -0800 > > Hi, > > First: If you discover you were unfortunate enough to have > > contracted a virus that has attacked people on the newsgroups, please > > post to let us know. > > Just a suggestion: Anyone who has been attacked by the BugBear virus > > with newsgroup related text, please put header information for the first > > source here ("lowest" "received from" information). At least that should > > tell us which mail server it's coming from. Below is one of the BugBears > > that happened to have my name attached to it (received by Larry Sand). > > Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119]) > > by velli.mail.jippii.net (Postfix) with SMTP > > id E4E6B83362; Wed, 6 Nov 2002 21:42:52 +0200 (EET) > > ... Just a few notes: It came from EET, which runs from the western part > > of Africa, through Israel and parts of Russia. The admin. info for this > > IP is: > > Juha Kamppi > > Wireless Network Services WNS OY > > Annankatu 44 > > FIN-00100 Helsinki > > Finland > > phone: +358 45 6700232 > > fax: +358 9 43982563 > > ... Techincal contact info: > > Jari-Petteri Levo > > Jippii Group Oyj > > Annankatu 44 third floor > > FIN-00100 Helsinki > > FI > > phone: +358 45 6700 622 > > fax: +358 9 4398 2509 > > SUGGESTION: Do not contact the above people until we know several > > attacks came from them. Note: I don't know if BugBear can SPOOF an IP or > > not. If it can't, then when we are sure it is originating from there, we > > should notify the above with as much info as possible about the specific > > emails involved. Hopefully, that'll give them enough information to > > notify their user. > > Regards, > > kurtt > > Kurt Pawlikowski > > The Pinrod Corporation > > (773) 284-9500 > > http://pinrod.com
Sat, 30 Apr 2005 01:23:00 GMT

Kurt Pawlikowsk #6 / 9	BugBear Virus: IP Cleariong House Brad, Donno. But, I wouldn't be surprised if there was a variant that could. Regards, kurtt Kurt Pawlikowski The Pinrod Corporation (773) 284-9500 http://pinrod.com Quote: > I also received the Multi-language App email but deleted it before I saw > this thread. I tried to trace the sender from the email header but the > address was no good. > Can bugbear scavenge email addresses from an infected computer's newsgroup > files? > Brad Kunkel > www.ibisoftware.com > > I received 2 > > A: > > From: XXXXXXXXXXXXXXX(I Have omited this) > > Subject: Re: help with locator I'm a cw5 novice user > > MIME-Version: 1.0 > > Content-Type: multipart/mixed; boundary="----------H4RVJMF6TVE004" > > Date: Sat, 9 Nov 2002 21:59:19 +0200 > > To: undisclosed-recipients:; > > B: > > From: XXXXXXXXXXXXXX(I Have omited this) > > Subject: Re: Multilanguage App > > MIME-Version: 1.0 > > Content-Type: multipart/alternative; boundary="----------NPVG1PFVOCUKB0R" > > Bcc: > > Date: Sat, 09 Nov 2002 12:40:05 -0800 > > > Hi, > > > First: If you discover you were unfortunate enough to have > > > contracted a virus that has attacked people on the newsgroups, please > > > post to let us know. > > > Just a suggestion: Anyone who has been attacked by the BugBear virus > > > with newsgroup related text, please put header information for the first > > > source here ("lowest" "received from" information). At least that should > > > tell us which mail server it's coming from. Below is one of the BugBears > > > that happened to have my name attached to it (received by Larry Sand). > > > Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119]) > > > by velli.mail.jippii.net (Postfix) with SMTP > > > id E4E6B83362; Wed, 6 Nov 2002 21:42:52 +0200 (EET) > > > ... Just a few notes: It came from EET, which runs from the western part > > > of Africa, through Israel and parts of Russia. The admin. info for this > > > IP is: > > > Juha Kamppi > > > Wireless Network Services WNS OY > > > Annankatu 44 > > > FIN-00100 Helsinki > > > Finland > > > phone: +358 45 6700232 > > > fax: +358 9 43982563 > > > ... Techincal contact info: > > > Jari-Petteri Levo > > > Jippii Group Oyj > > > Annankatu 44 third floor > > > FIN-00100 Helsinki > > > FI > > > phone: +358 45 6700 622 > > > fax: +358 9 4398 2509 > > > SUGGESTION: Do not contact the above people until we know several > > > attacks came from them. Note: I don't know if BugBear can SPOOF an IP or > > > not. If it can't, then when we are sure it is originating from there, we > > > should notify the above with as much info as possible about the specific > > > emails involved. Hopefully, that'll give them enough information to > > > notify their user. > > > Regards, > > > kurtt > > > Kurt Pawlikowski > > > The Pinrod Corporation > > > (773) 284-9500 > > > http://pinrod.com
Sat, 30 Apr 2005 01:28:54 GMT

Page 1 of 1

[ 9 post ]