1507  Tango identity theft!!

ARTICLE INDEX


Date: Wed, 9 Jul 2003 00:21:35 -0400
From: WHITE 95 R <white95r@HOTMAIL.COM>
Subject: Tango identity theft!!

Dear listeros and listeras,

Please be aware that some malicious program is sending email with my return
address "white95r@hotmail.com". These appear to be excerpts from postings to
the tango -l but they contain virus attachment. Obviously these do not
generate from my computers (I run virus protection and firewalls) I guess
somebody got this virus that has my email address (and many others) in their
mail box. Please exercise extreme caution if you receive email from my
highjacked address and open no attachments. Sorry for any inconvenience
these viruses cause, but there is nothing more I can do about it than to
warn you.

Manuel





Date: Wed, 9 Jul 2003 21:14:07 +0900
From: astrid <astrid@RUBY.PLALA.OR.JP>
Subject: Re: Tango identity theft!! (virus mail)

Beware of all mails that have the subject: "Re: Is Buenos Aires worth the
trip?". This is a virus mail with an attachment, using subject, old mail
content (incomplete) and addresses of tango-l members. Somebody said, it is
the bugbear virus, even though the bugbear description does not fit these
characteristics. Delete these mails immediately, and get them out of your
system completely.

> Dear listeros and listeras,
>
> Please be aware that some malicious program is sending email with my

return

> address "white95r@hotmail.com". These appear to be excerpts from postings

to

> the tango -l but they contain virus attachment. Obviously these do not
> generate from my computers (I run virus protection and firewalls) I guess
> somebody got this virus that has my email address (and many others) in

their

> mail box. Please exercise extreme caution if you receive email from my
> highjacked address and open no attachments. Sorry for any inconvenience
> these viruses cause, but there is nothing more I can do about it than to
> warn you.
>
> Manuel
>
>
>




Date: Wed, 9 Jul 2003 14:44:26 +0100
From: Bruce Stephens <bruce@CENDERIS.DEMON.CO.UK>
Subject: Re: Tango identity theft!! (virus mail)

astrid <astrid@RUBY.PLALA.OR.JP> writes:

> Beware of all mails that have the subject: "Re: Is Buenos Aires
> worth the trip?". This is a virus mail with an attachment, using
> subject, old mail content (incomplete) and addresses of tango-l
> members. Somebody said, it is the bugbear virus, even though the
> bugbear description does not fit these characteristics. Delete these
> mails immediately, and get them out of your system completely.

Most of the antivirus vendors have online information about the
various worms and viruses. Here's one about this virus/worm:
<http://www.sophos.com/virusinfo/analyses/w32bugbeara.html>

The description doesn't seem inconsistent with what I'm seeing.

The page also includes a link to this page:
<http://www.sophos.com/support/disinfection/bugbear.html> which
includes information about how to disinfect a system, and also a free
tool that'll do it for you.

Just deleting the email isn't good enough. Your computer may already
be infected.




Date: Wed, 9 Jul 2003 14:34:13 +0100
From: Bruce Stephens <bruce@CENDERIS.DEMON.CO.UK>
Subject: Re: Tango identity theft!! (virus mail)

astrid <astrid@RUBY.PLALA.OR.JP> writes:

> Beware of all mails that have the subject: "Re: Is Buenos Aires
> worth the trip?". This is a virus mail with an attachment, using
> subject, old mail content (incomplete) and addresses of tango-l
> members. Somebody said, it is the bugbear virus, even though the
> bugbear description does not fit these characteristics. Delete these
> mails immediately, and get them out of your system completely.

Not good enough. This *does* seem to be W32/Bugbear-A. I receive all
email sent to cenderis.demon.co.uk, so I probably see more of this
kind of thing than most people (for example, I receive nondelivery
reports for email sent by white95r@CENDERIS.DEMON.CO.UK, an address
which has never been used except by the virus), and I've received 30
or 40 nondelivery reports as a result of this (and that's just today;
I received a similar number yesterday for a different address, and
doubtless will tomorrow, too), and the various antivirus systems that
people are using seem to agree that it's W32/Bugbear-A (not all use
that name).

Deleting the email isn't good enough. If you use Microsoft Windows
and Outlook Express (and possibly other email programs on
Windows)---no shame in doing that, obviously, since most people
do---then you really need to get hold of an antivirus program, and you
need to use it and keep its database up to date.

Unless you've got one free in some way (your ISP may provide one, or
your computer may have come with one), then that probably means you
need to buy one. If you're technically inclined, then there's a free
one here: <http://www.f-prot.com/download/home_user/> (the antivirus
for DOS one). It's not as easy to use as the various for-pay Windows
antivirus products, but for some people it would be OK.

[...]




Date: Thu, 10 Jul 2003 00:33:13 +0900
From: astrid <astrid@RUBY.PLALA.OR.JP>
Subject: Re: Tango identity theft!! (virus mail)

> > Beware of all mails that have the subject: "Re: Is Buenos Aires
> > worth the trip?".
> Deleting the email isn't good enough. If you use Microsoft Windows
> and Outlook Express ,...then you really need to get hold of an antivirus

program, and you

> need to use it and keep its database up to date.

If you do not have any antivirus, at least you scan your system with a free
online virus scan you can get at "Symantec security check", "pccillin" and a
few others, until you get one.
A trick friends have told me: start your adddress book with a freely
invented email address (starting with an "aa" or a "1"), so when some virus
starts sending out mail from your address book, the first one will bounce,
and you will know something is wrong.
The bugbear alert site also advises people with infected computers to change
all their passwords,because bugbear uses open ports to spy out your system.


Continue to Tango Trance | ARTICLE INDEX