[unisog] BugBear Worm (Klez-like, yes)

Rita Seplowitz Saltz rita at princeton.edu
Fri Oct 4 11:47:25 GMT 2002


Bugbear does indeed falsify origin information, sometimes in "portmanteau"
fashion.  I.e., left of @ we see the left part of one harvested address;
right of @ we see the right part of a different harvested address.   We've
seen this in at least one instance. Symantec's write-up documents the
"feature" in the Notes section.  The Bugbear document is at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.html

Rita Saltz
Policy and Security Advisor
Office of Information Technology (OIT)
Princeton University
rita at princeton.edu




More information about the unisog mailing list