[unisog] BugBear Worm
Peter Van Epp
vanepp at sfu.ca
Fri Oct 4 02:59:25 GMT 2002
I just got a complaint from offsite about a bugbear infected email
which looks to have a forged From: address at SFU (but no SFU machines showing
in headers). I hope this isn't another Klez like thing that forges From:
lines (luckily I remember seeing a mail virus scanner update notice this morning
on our changes list which hopefully catches this outbound).
The machines I have seen scanning on 137 don't appear to be sending
email, so perhaps I've been whacking some other varient too (I however am an
equal opertunity whacker, you scan I whack :-)).
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
> I've seen heavy udp port 137 scanning since Friday nite. I'm not sure what
> we've seen is BugBear or W32/Scrup.worm or W32.Opaserv.worm.
> Mike Iglesias Internet: iglesias at draco.acs.uci.edu
> University of California, Irvine phone: 949-824-6926
> Network & Academic Computing Services FAX: 949-824-2069
More information about the unisog