[unisog] BugBear Worm (Klez-like, yes)

Rita Seplowitz Saltz rita at princeton.edu
Fri Oct 4 11:47:25 GMT 2002

Bugbear does indeed falsify origin information, sometimes in "portmanteau"
fashion.  I.e., left of @ we see the left part of one harvested address;
right of @ we see the right part of a different harvested address.   We've
seen this in at least one instance. Symantec's write-up documents the
"feature" in the Notes section.  The Bugbear document is at:


Rita Saltz
Policy and Security Advisor
Office of Information Technology (OIT)
Princeton University
rita at princeton.edu
