Got this email from a friend of mine in the military...thought I'd pass it along: 1. NAVCIRT (NAVY COMPUTER INCIDENT RESPONSE TEAM) ISSUES THIS BULLETIN TO HEIGHTEN THE AWARENESS OF A MASS MAILING WORM KNOWN AS W32.BUGBEAR@MM. WHILE THE IMPACT ON NAVAL COMMANDS HAS BEEN MINIMAL, IT STILL WARRANTS ATTENTION. 2. W32.BUGBEAR@MM CIRCULATES AS AN E-MAIL ATTACHEMENT AND TARGETS MACHINES RUNNING MICROSOFT SOFTWARE. THIS NETWORK-AWARE WORM IS ATTACHED TO E-MAILS WITH A WIDE VARIETY OF SUBJECT LINES SUCH AS "BAD NEWS," "MEMBERSHIP CONFIRMATION," "MARKET UPDATE REPORT," AND "YOUR GIFT". IT APPEARS TO USE RANDOMLY GENERATED NAMES TO AVOID DETECTION BY ANTI-VIRUS SOFTWARE, AS WELL AS, MULTIPLE FILE EXTENSIONS TO DISGUISE THE FACT THAT IT IS AN EXECUTABLE FILE. W32.BUGBEAR@MM TRIES TO COPY ITSELF TO ALL TYPES OF SHARED NETWORK RESOURCES. IT HAS KEYSTROKE-LOGGING AND BACKDOOR CAPABILITIES AND ATTEMPTS TO TERMINATE THE PROCESSES OF VARIOUS ANTI-VIRUS AND FIREWALL PROGRAMS. BECAUSE THE WORM DOES NOT PROPERLY HANDLE THE NETWORK RESOURCE TYPES, IT MAY FLOOD SHARED PRINTER RESOURCES, WHICH CAUSES THEM TO PRINT GARBAGE OR DISRUPT THEIR NORMAL FUNCTIONALITY. FOR MORE INFORMATION VISIT SYMANTEC (Norton Anti-Virus) at the link below: http://www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html ALSO IF YOUR COMPUTER IS INFECTED, Norton AV's FIX IS LOCATED AT THE LINK BELOW: http://www.symantec.com/avcenter/venc/data/w32.bugbear@mm.removal.tool.html Respectfully, Eric R. Scott Network Engineer AISD, Code 033 Navy Supply Corps School Athens, GA 30606
