Tango identity theft!!


1507 Tango identity theft!!	ARTICLE INDEX
Date: Wed, 9 Jul 2003 00:21:35 -0400 From: WHITE 95 R <white95r@HOTMAIL.COM> Subject: Tango identity theft!! Dear listeros and listeras, Please be aware that some malicious program is sending email with my return address "white95r@hotmail.com". These appear to be excerpts from postings to the tango -l but they contain virus attachment. Obviously these do not generate from my computers (I run virus protection and firewalls) I guess somebody got this virus that has my email address (and many others) in their mail box. Please exercise extreme caution if you receive email from my highjacked address and open no attachments. Sorry for any inconvenience these viruses cause, but there is nothing more I can do about it than to warn you. Manuel Date: Wed, 9 Jul 2003 21:14:07 +0900 From: astrid <astrid@RUBY.PLALA.OR.JP> Subject: Re: Tango identity theft!! (virus mail) Beware of all mails that have the subject: "Re: Is Buenos Aires worth the trip?". This is a virus mail with an attachment, using subject, old mail content (incomplete) and addresses of tango-l members. Somebody said, it is the bugbear virus, even though the bugbear description does not fit these characteristics. Delete these mails immediately, and get them out of your system completely. > Dear listeros and listeras, > > Please be aware that some malicious program is sending email with my return > address "white95r@hotmail.com". These appear to be excerpts from postings to > the tango -l but they contain virus attachment. Obviously these do not > generate from my computers (I run virus protection and firewalls) I guess > somebody got this virus that has my email address (and many others) in their > mail box. Please exercise extreme caution if you receive email from my > highjacked address and open no attachments. Sorry for any inconvenience > these viruses cause, but there is nothing more I can do about it than to > warn you. > > Manuel > > > Date: Wed, 9 Jul 2003 14:44:26 +0100 From: Bruce Stephens <bruce@CENDERIS.DEMON.CO.UK> Subject: Re: Tango identity theft!! (virus mail) astrid <astrid@RUBY.PLALA.OR.JP> writes: > Beware of all mails that have the subject: "Re: Is Buenos Aires > worth the trip?". This is a virus mail with an attachment, using > subject, old mail content (incomplete) and addresses of tango-l > members. Somebody said, it is the bugbear virus, even though the > bugbear description does not fit these characteristics. Delete these > mails immediately, and get them out of your system completely. Most of the antivirus vendors have online information about the various worms and viruses. Here's one about this virus/worm: <https://www.sophos.com/virusinfo/analyses/w32bugbeara.html> The description doesn't seem inconsistent with what I'm seeing. The page also includes a link to this page: <https://www.sophos.com/support/disinfection/bugbear.html> which includes information about how to disinfect a system, and also a free tool that'll do it for you. Just deleting the email isn't good enough. Your computer may already be infected. Date: Wed, 9 Jul 2003 14:34:13 +0100 From: Bruce Stephens <bruce@CENDERIS.DEMON.CO.UK> Subject: Re: Tango identity theft!! (virus mail) astrid <astrid@RUBY.PLALA.OR.JP> writes: > Beware of all mails that have the subject: "Re: Is Buenos Aires > worth the trip?". This is a virus mail with an attachment, using > subject, old mail content (incomplete) and addresses of tango-l > members. Somebody said, it is the bugbear virus, even though the > bugbear description does not fit these characteristics. Delete these > mails immediately, and get them out of your system completely. Not good enough. This does seem to be W32/Bugbear-A. I receive all email sent to cenderis.demon.co.uk, so I probably see more of this kind of thing than most people (for example, I receive nondelivery reports for email sent by white95r@CENDERIS.DEMON.CO.UK, an address which has never been used except by the virus), and I've received 30 or 40 nondelivery reports as a result of this (and that's just today; I received a similar number yesterday for a different address, and doubtless will tomorrow, too), and the various antivirus systems that people are using seem to agree that it's W32/Bugbear-A (not all use that name). Deleting the email isn't good enough. If you use Microsoft Windows and Outlook Express (and possibly other email programs on Windows)---no shame in doing that, obviously, since most people do---then you really need to get hold of an antivirus program, and you need to use it and keep its database up to date. Unless you've got one free in some way (your ISP may provide one, or your computer may have come with one), then that probably means you need to buy one. If you're technically inclined, then there's a free one here: <https://www.f-prot.com/download/home_user/> (the antivirus for DOS one). It's not as easy to use as the various for-pay Windows antivirus products, but for some people it would be OK. [...] Date: Thu, 10 Jul 2003 00:33:13 +0900 From: astrid <astrid@RUBY.PLALA.OR.JP> Subject: Re: Tango identity theft!! (virus mail) > > Beware of all mails that have the subject: "Re: Is Buenos Aires > > worth the trip?". > Deleting the email isn't good enough. If you use Microsoft Windows > and Outlook Express ,...then you really need to get hold of an antivirus program, and you > need to use it and keep its database up to date. If you do not have any antivirus, at least you scan your system with a free online virus scan you can get at "Symantec security check", "pccillin" and a few others, until you get one. A trick friends have told me: start your adddress book with a freely invented email address (starting with an "aa" or a "1"), so when some virus starts sending out mail from your address book, the first one will bounce, and you will know something is wrong. The bugbear alert site also advises people with infected computers to change all their passwords,because bugbear uses open ports to spy out your system. Continue to Tango Trance \| ARTICLE INDEX

1507 Tango identity theft!!