[unisog] BugBear Worm

Russell Fulton r.fulton at auckland.ac.nz
Fri Oct 4 08:53:33 GMT 2002

On Fri, 2002-10-04 at 14:59, Peter Van Epp wrote:
> 	I just got a complaint from offsite about a bugbear infected email 
> which looks to have a forged From: address at SFU (but no SFU machines showing
> in headers). I hope this isn't another Klez like thing that forges From: 

I'm afraid so...

We got hit much ealier in the week, before AV vendors got updates out.
First symptom was printer trouble with printers spitting out garbage
pages etc. Turns out to be a side affect of the scanning ??? It took us
a day to realise that the printer troubles and the virus were related.

I've been on leave this week and only have a sketchy idea about what is
going on.  One thing I do know is that this worm was seeded heavily in
UK centric networks.  On Wednesday the top countries of origin were UK,
Australia and NZ (which is amazing given our 4 million population).

So far I have had about a dozen or so land in my inbox.  It now appears
to be spreading into the rest of the 'Net.

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin

