Bugbear@mm

Not directly affected

The following operating systems are not directly attacked by this virus:
  • MacOS versions prior to MacOS X 10.x
  • Unix (including *BSD, Linux, MacOS X 10.x)

For the impatient

MANUALLY UPDATE YOUR ANTIVIRUS DEFINITIONS NOW.

Description

Along with the Opaserv virus doing the rounds is Bugbear@mm. Aside from the mass-mailing worm feature, the virus possesses these characteristics:
  • Installs a trojan that logs keystrokes with the aim of collecting remote system passwords. This is potentially serious because it can lead to remote system compromises.
  • Sends large junk jobs to network printers.
  • Opens network port 36794. Physics has been scanned for computers with this network port open and fortunately none were found; however, this does not indicate that Physics is free of this virus or will not be attacked.
  • If a PC is infected before anti-virus software detects it, the virus disables anti-virus processes running on the infected PC.
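
A per-machine counterpart to the network scan for port 36794 mentioned above, as an added example that is not part of the original notice: it reads the text output of `netstat -an` and reports rows that involve the port. It assumes the port is TCP (the notice does not say); the function names and the sample output are constructed for illustration.

```python
import re

BUGBEAR_PORT = 36794  # port named in the notice; assumed here to be TCP

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:36794          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        192.0.2.20:36794       ESTABLISHED
  TCP    192.0.2.10:36794       192.0.2.30:2211        ESTABLISHED
  TCP    192.0.2.10:3679        0.0.0.0:0              LISTENING
  UDP    0.0.0.0:36794          *:*
"""

# Proto, local endpoint, foreign endpoint, optional state; a trailing PID
# column (netstat -ano) is tolerated and ignored.
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)")


def _port(endpoint):
    """Port of 'addr:port' (IPv6 appears as '[addr]:port'); None for '*:*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None


def find_port_activity(netstat_text, port=BUGBEAR_PORT):
    """Return (kind, local, foreign) for each TCP row that involves `port`.

    'listening': this host accepts connections on the port
    'local'    : the port is the local end of a connection in another state
    'remote'   : this host has a connection to the port on another host
    """
    findings = []
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        if not m or m.group(1) != "TCP":
            continue  # headers, blank lines and UDP rows
        local, foreign, state = m.group(2), m.group(3), m.group(4)
        if _port(local) == port:  # exact match, so port 3679 is not flagged
            kind = "listening" if state == "LISTENING" else "local"
            findings.append((kind, local, foreign))
        elif _port(foreign) == port:
            findings.append(("remote", local, foreign))
    return findings


if __name__ == "__main__":
    for kind, local, foreign in find_port_activity(SAMPLE_NETSTAT):
        print(f"{kind:9} local={local} remote={foreign}")
```

An empty result only shows that nothing was using the port when the snapshot was taken; as the notice says of the network scan, it does not show that a machine is free of the virus.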

Action

As per the two previous e-mail broadcasts (Subject: VIRUS ALERT - Bugbear... dated Wed 2 Oct, and Subject: Don't be slack dated Fri Oct 4), it is essential that all users MANUALLY UPDATE THEIR VIRUS DEFINITIONS. Although Norton anti-virus automatically updates its virus definitions, both Bugbear and Opaserv are very new viruses and may infect your computer if your definitions are not dated 30/09/02 or 09/30/02 or more recent.

It should go without saying that USERS SHOULD NOT OPEN ATTACHMENTS CONTAINED IN UNSOLICITED E-MAIL.

More information

How to manually update your Norton Anti-virus definitions

This e-mail from ACSU explains it:

---------- Forwarded message ----------
Date: Tue, 1 Oct 2002 14:13:08 +1000
From: Russell Bastock
To: virus-info@explode.unsw.edu.au
Subject: VIRUS ALERT - Bugbear & Opaserv viruses

Please update your Norton AntiVirus (NAV) definitions immediately as follows:

1. Open NAV by double-clicking the yellow shield icon at the bottom
right corner of your computer screen. If this is missing, go to the
Start menu and select Programs > Norton AntiVirus
Corporate Edition > Norton AntiVirus Corporate Edition

2. Look at the date above the LiveUpdate button. If it is not 30/9/02
or 09/30/02, you will have to update your virus definitions as follows:

3. Click the 'LiveUpdate' button, then the 'Next' button then follow
any prompts to allow the LiveUpdate process to complete. Illustrated
instructions are found at the end of the NAV installation manual at
http://www.acsu.unsw.edu.au/soft_dist/anti_virus/reference/norton/NortonCE_install.pdf

School of Physics - The University of New South Wales - Sydney Australia 2052
Site comments physicsweb@phys.unsw.edu.au © School of Physics UNSW