mcafee & bugbear.b

Malcolm Bishop malcolm.bishop at KCL.AC.UK
Fri Jun 6 11:30:16 IST 2003


In response to my previous e-mail I did notice the following on Mcafee

-- Update June 05, 2003 --
AVERT has received a large number of truncated samples. These are
damaged and do not infect. The next DAT release will contain detection
of these samples as W32/Bugbear.b.dam. Additionally samples have been
received that suggest the virus can mail the encrypted keylog file
during its propagation routine.

Therefore perhaps they are damaged bugbear.b files but I am sending a
sample off for analysis.



On Fri, 6 Jun 2003 11:07:30 +0100 "Spicer, Kevin"
<Kevin.Spicer at BMRB.CO.UK> wrote:

> > Hi,
> >
> > We are using McAfee and have noticed the same thing. Perhaps
> > it is a new
> > variant? However, I did have a quick look on a couple of anti-virus
> > companies sites and there does not seem to be any information about
> > new variant.
> >
> Perhaps you should send the suspect files to your AV vendor for
> analysis?
> BMRB International
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the
> recipient and may contain confidential and/or privileged
> material.  If you have received this in error, please contact the
> sender and delete this message immediately.  Disclosure, copying
> or other action taken in respect of this email or in
> reliance on it is prohibited.  BMRB International Limited
> accepts no liability in relation to any personal emails, or
> content of any email which does not directly relate to our
> business.

Malcolm Bishop
Systems Administrator
School of Law,
Kings College London,
Strand, London, WC2R 2LS

Tel:   020 7848 1107
Email: malcolm.bishop at

More information about the MailScanner mailing list