
BugBear Virus: IP Cleariong House
Hi,
First: If you discover you were unfortunate enough to have
contracted a virus that has attacked people on the newsgroups, please
post to let us know.
Just a suggestion: Anyone who has been attacked by the BugBear virus
with newsgroup related text, please put header information for the first
source here ("lowest" "received from" information). At least that should
tell us which mail server it's coming from. Below is one of the BugBears
that happened to have my name attached to it (received by Larry Sand).
Received: from bs01 (netti-1-119.dyn.nic.fi [212.38.225.119])
by velli.mail.jippii.net (Postfix) with SMTP
id E4E6B83362; Wed, 6 Nov 2002 21:42:52 +0200 (EET)
... Just a few notes: It came from EET, which runs from the western part
of Africa, through Israel and parts of Russia. The admin. info for this
IP is:
Juha Kamppi
Wireless Network Services WNS OY
Annankatu 44
FIN-00100 Helsinki
Finland
phone: +358 45 6700232
fax: +358 9 43982563
... Techincal contact info:
Jari-Petteri Levo
Jippii Group Oyj
Annankatu 44 third floor
FIN-00100 Helsinki
FI
phone: +358 45 6700 622
fax: +358 9 4398 2509
SUGGESTION: Do not contact the above people until we know several
attacks came from them. Note: I don't know if BugBear can SPOOF an IP or
not. If it can't, then when we are sure it is originating from there, we
should notify the above with as much info as possible about the specific
emails involved. Hopefully, that'll give them enough information to
notify their user.
Regards,
kurtt
Kurt Pawlikowski
The Pinrod Corporation
(773) 284-9500
http://www.*-*-*.com/