DisQuoi Posted August 5, 2003 Share Posted August 5, 2003 Today I received the following email: Subject: Geocaching.com Weekly Cache Notification Date: Mon, 4 Aug 2003 18:05:43 -0400 From: Geocaching Notify Bot <notify@worldnet.att.net> Greetings from Geocaching.com - Recent caches in your area... 2/5/2003 (Oklahoma) Bling Bling by Darkmoon (Traditional Cache) (GCD047) (1.71 miles NW) http://www.geocaching.com/seek/cache_details.asp?ID=3D53319 2/8/2003 (Oklahoma) Oklahoma Geocachers Morning Meeting by BootsWalker (Event Cache) (GC1B89) (2.36 miles N) http://www.geocaching.com/seek/cache_details.asp?ID=3D7049 5/3/2003 (Oklahoma) Oklahoma Spring Fling by OkDoke & It was followed by the following message that was tagged on by my corporate email account: The file attached to this email was removed because it was infected with the W32.Bugbear.B@mm virus. Quote Link to comment
Wanderingson Posted August 5, 2003 Share Posted August 5, 2003 it this bugbear dude a cacher? Quote Link to comment
+regoarrarr Posted August 5, 2003 Share Posted August 5, 2003 I got one too, but a different one.Date: Tue, 5 Aug 2003 09:03:53 -0400 From: Geocaching.com Geo Bot <contact@krause.com> Subject: Geocaching.com Cache Report Received. Parts/Attachments: 1 Shown 4 lines Text 2 74 KB Application ---------------------------------------- Greetings from Geocaching.com. Just a quick note to let you know that we received your cache report. Someone will review it shortly and post it to the site if there are no issues. [ Part 2, Application/X-MSDOWNLOAD 98KB. ] [ Cannot display this part. Press "V" then "S" to save in a file. ] Date: Tue, 5 Aug 2003 09:03:53 -0400 From: Geocaching.com Geo Bot <contact@krause.com> Subject: Geocaching.com Cache Report Received. Parts/Attachments: 1 Shown 4 lines Text 2 74 KB Application ---------------------------------------- Greetings from Geocaching.com. Just a quick note to let you know that we received your cache report. Someone will review it shortly and post it to the site if there are no issues. Quote Link to comment
Swagger Posted August 5, 2003 Share Posted August 5, 2003 That's how bugbear works. Someone with your email address in their address book or in an html file on their computer got infected. The worm scanned their pc and found your address. Then it took an email from their inbox and sent it to you with itself as an attachment. I'm not sure if the "From" address is the victim or if it's chosen randomly. http://www.sophos.com/virusinfo/analyses/w32bugbearb.html -- Pehmva! Random quote: Quote Link to comment
+Team Lawrence Posted August 5, 2003 Share Posted August 5, 2003 The FROM field is spoofed in the BugBear virus based on addressed it extracts from a variety of sources on your PC. You will note that the addresses used in the samples provided above were not the correct addresses for the senders described. See also McAfee's information page Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.