Jump to content

Geocaching Virus


DisQuoi
Followers 0

Recommended Posts

Today I received the following email:

Subject: Geocaching.com Weekly Cache Notification

Date: Mon, 4 Aug 2003 18:05:43 -0400

From: Geocaching Notify Bot <notify@worldnet.att.net>

 

Greetings from Geocaching.com -

 

Recent caches in your area...

 

2/5/2003 (Oklahoma)

Bling Bling by Darkmoon

(Traditional Cache) (GCD047) (1.71 miles NW)

http://www.geocaching.com/seek/cache_details.asp?ID=3D53319

 

2/8/2003 (Oklahoma)

Oklahoma Geocachers Morning Meeting by BootsWalker

(Event Cache) (GC1B89) (2.36 miles N)

http://www.geocaching.com/seek/cache_details.asp?ID=3D7049

 

5/3/2003 (Oklahoma)

Oklahoma Spring Fling by OkDoke &

 

It was followed by the following message that was tagged on by my corporate email account:

 

The file attached to this email was removed because it was infected with the W32.Bugbear.B@mm virus.

Link to comment

I got one too, but a different one.Date: Tue, 5 Aug 2003 09:03:53 -0400

From: Geocaching.com Geo Bot <contact@krause.com>

Subject: Geocaching.com Cache Report Received.

Parts/Attachments:

1 Shown 4 lines Text

2 74 KB Application

----------------------------------------

 

Greetings from Geocaching.com.

 

Just a quick note to let you know that we received your cache report. Someone

will review it shortly and post it to the site if there are no issues.

 

[ Part 2, Application/X-MSDOWNLOAD 98KB. ]

[ Cannot display this part. Press "V" then "S" to save in a file. ]

 

Date: Tue, 5 Aug 2003 09:03:53 -0400

From: Geocaching.com Geo Bot <contact@krause.com>

Subject: Geocaching.com Cache Report Received.

Parts/Attachments:

1 Shown 4 lines Text

2 74 KB Application

----------------------------------------

 

Greetings from Geocaching.com.

 

Just a quick note to let you know that we received your cache report. Someone

will review it shortly and post it to the site if there are no issues.

Link to comment

That's how bugbear works. Someone with your email address in their address book or in an html file on their computer got infected. The worm scanned their pc and found your address. Then it took an email from their inbox and sent it to you with itself as an attachment. I'm not sure if the "From" address is the victim or if it's chosen randomly.

 

http://www.sophos.com/virusinfo/analyses/w32bugbearb.html

 

--

Pehmva!

 

Random quote:

sigimage.php

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Followers 0
×
×
  • Create New...