[unisog] BugBear Worm

Peter Van Epp vanepp at sfu.ca
Fri Oct 4 02:59:25 GMT 2002


	I just got a complaint from offsite about a bugbear infected email 
which looks to have a forged From: address at SFU (but no SFU machines showing
in headers). I hope this isn't another Klez-like thing that forges From: 
lines (luckily I remember seeing a mail virus scanner update notice this morning
on our changes list which hopefully catches this outbound).
	The machines I have seen scanning on 137 don't appear to be sending 
email, so perhaps I've been whacking some other variant too (I however am an
equal opportunity whacker, you scan I whack :-)).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


> 
> I've seen heavy udp port 137 scanning since Friday night.  I'm not sure what
> we've seen is BugBear or W32/Scrup.worm or W32.Opaserv.worm.
> 
> 
> Mike Iglesias                          Internet:    iglesias at draco.acs.uci.edu
> University of California, Irvine       phone:       949-824-6926
> Network & Academic Computing Services  FAX:         949-824-2069
> 
> 
> 


