[Opensource] Supposed Virus From Me
Michael Rimov
rimovm at centercomp.com
Sat Oct 12 21:41:16 PDT 2002
Hey All,
There's been a couple of people thinking that I sent them a virus
(specifically bugbear)... I'm writing this as to why this virus didn't
come from me :)
--This is specifically from the Symantec site:
>It then uses its own SMTP engine to send itself to all email addresses
>that it finds. The worm also can construct addresses for the "From:" field
>using information that it harvests from the infected computer. For
>example, the worm may find the addresses a at a.com, b at b.com and c at c.com. The
>worm could create an email message addressed to a at a.com and spoof the
>"From:" address, so that it appears to come from c at b.com. The spoofed
>address can also be a valid email address that the worm finds on the system.
So basically it can send itself from whoever it wants.
--I also checked the IP address of where the virus mailed itself from:
194.158.96.114
Our company has no public or private mail servers in that IP address range.
--Symantec also said that bugbear can create its own mail on the fly. If
you notice, the offending email had been originally posted to the list
quite some time ago.
--I have file extensions visible on my machine, I keep an updated AntiVirus
checker (which caught the email when it was incoming in the first place),
and I DON'T open executable-type attachments (!!)
--And just in case, I looked on my system for other signs of the problem...
all proper anti-virus tasks are running (bugbear tries to shut them all
down)... no suspicious files as defined in the Symantec website.
--And I don't look MS Outlook. [Which Bugbear also tries to exploit]
Hope this clears the air!
-Mike
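
The origin check described in the message above, as an added example that is not part of the original post: it reads the Received chain newest-first, skips relays the recipient trusts, and tests whether the hand-off IP lies in the claimed sender's mail ranges. The sample message, hostnames, the function names and both CIDR ranges are constructed assumptions; only 194.158.96.114 comes from the post.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message. Only 194.158.96.114 comes from the post above;
# every hostname, address and the other IP ranges are placeholders.
SAMPLE = """\
Received: from mx.list.example (mx.list.example [198.51.100.10])
\tby mail.recipient.example with ESMTP; Sat, 12 Oct 2002 10:00:05 -0700
Received: from unknown (HELO pc) ([194.158.96.114])
\tby mx.list.example with SMTP; Sat, 12 Oct 2002 10:00:01 -0700
From: mike@sender.example
To: list@list.example
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(raw, trusted_nets):
    """IP of the host that handed the message to the first trusted relay.

    Received headers are read newest-first. Hops recorded by relays we trust
    are skipped; anything below the returned hop was written by the sender's
    side and may be forged, so it is ignored.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for hdr in message_from_string(raw).get_all("Received", []):
        from_clause = re.split(r"\sby\s", hdr, maxsplit=1)[0]
        for text in BRACKETED_IP.findall(from_clause):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:      # e.g. [999.1.1.1] in a malformed header
                continue
            if not any(ip in net for net in nets):
                return ip
    return None

def sent_from_org(raw, trusted_nets, org_nets):
    """True only if the hand-off IP lies in the claimed sender's mail ranges."""
    ip = handoff_ip(raw, trusted_nets)
    orgs = [ipaddress.ip_network(n) for n in org_nets]
    return ip is not None and any(ip in net for net in orgs)

if __name__ == "__main__":
    print(handoff_ip(SAMPLE, ["198.51.100.0/24"]))
    print(sent_from_org(SAMPLE, ["198.51.100.0/24"], ["192.0.2.0/24"]))
```

The From: header plays no part in the decision, which is the point: it is the field the worm spoofs.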