I wondered about that, on the other hand paranoia is a good thing
sometimes. I'm the network guy here and have spent numerous hours
cleaning infections from systems supposedly protected by checkers.
I should have looked closer at where the mail came from. BugBear will
grab an address plus other tatalizing info and create a an infected
message. However it does not seem to spoof the sending domain. Further
inspection indicates that lmco.com is the Lockheed Martin Company.
I have received several messages from folks infected with bugbear. in
some of the cases I have been able to track them back to the computer that
was infected I'll keep looking
Thanks for the help
Steve
-----Original Message-----
From: owner-6pack@autox.team.net [mailto:owner-6pack@autox.team.net]On
Behalf Of Jim Hill
Sent: Tuesday, October 29, 2002 10:04 PM
To: 6pack@autox.team.net
Subject: Re: information from this site
Steve Hanselman wrote:
> I have received two messages that were infected with BugBear.
> one from the list machine it self, and one from a user.
As others have pointed out, it's extremely unlikely that you'd have
received
an infected message from the list, since the autox server transmits only
text and strips out all attachments. There was a recent message received
by
some members of the 6pack and Triumphs lists that appeared to "simulate"
the
return address of the list (owner-triumphs), but with a suffix of
@lmco.com,
rather than @autox.team.net.
> Please insure that your virus checkers are up to date.
Always good advice.
Jim Hill
Madison WI
[demime 0.99d.1 removed an attachment of type application/x-pkcs7-signature
which had a name of smime.p7s]
|