Bugbear virus

geepondy

Flashlight Enthusiast
Joined
Apr 15, 2001
Messages
4,896
Location
Massachusetts
I'm pretty careful about giving out my ISP email address. It is reserved for personal correspondence; for web sites and business purposes, I always give my Hotmail address. After only ever receiving one virus attempt in three or four years, twice in three days I have received email with attachments that contained the Bugbear virus. Luckily Norton caught them. The thing is, the return addresses, at least from what I saw on the email title as it was being received, were both from legitimate sites I have visited on the web. I'm wondering how my email address propagated to the sender of the viruses. When I visit a site and receive a cookie, is the cookie actually powerful enough to search and find my email address? I was thinking possibly a trojan horse but hopefully Norton would have caught that.

Any ideas? Anybody else getting the bugbear virus sent to their machines?
 

Silviron

Flashlight Enthusiast
Joined
Jun 24, 2001
Messages
2,477
Location
New Mexico, USA
Most of these new viruses and mutations of old ones spoof email addresses: they will pick up at random a "from" and then send out "to" all of the email addresses out of any address book on any machine that they get into, and send it back out as being from one of the addresses that it found, usually NOT the email address of the person using the machine that sent you the virus.

OR, if a virus writer has a gripe against a website or a person, he can write that URL or email address into his code and make it look like the whole strain he is starting is from that site / person.

I hope those explanations make sense.

The only way to track down the source of the virus is to go by IP address, and even that doesn't work half the time because that can get spoofed too.

I don't know how many times it has been that just going by the email addresses I have apparently sent myself a virus from one of my emails to another of my own.... One of my customers gets infected, and suddenly it seems as if I sent out dozens or hundreds of viri, but my machines are CLEAN.

Really makes me mad. All virus writers should be shot.... then hanged... Then burned.... (that is a reference to "Lonesome Dove" which I'm watching again)
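What "going by IP address" means for a spoofed message, as an added example that is not part of the original post: a Python sketch that reads the `Received:` chain and separates the one hop stamped by the recipient's own mail server from the lines written by other hosts, which can be forged. The sample message, host names, addresses and the `TRUSTED_MTAS` set are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real capture: reserved example domains and
# documentation IP ranges. Received lines are prepended, so newest is first.
SAMPLE = """\
Received: from mail.isp.example (mail.isp.example [192.0.2.10])
\tby mx.myisp.example with ESMTP id A1; Mon, 7 Oct 2002 10:00:05 -0400
Received: from customer-pc (dialup-77.isp.example [198.51.100.77])
\tby mail.isp.example with SMTP id B2; Mon, 7 Oct 2002 10:00:01 -0400
Received: from shop.example (shop.example [203.0.113.5])
\tby customer-pc with SMTP; Mon, 7 Oct 2002 09:59:00 -0400
From: "Web Shop" <news@shop.example>
To: me@myisp.example
Subject: constructed sample

body
"""

TRUSTED_MTAS = {"mx.myisp.example"}  # assumption: the recipient's own mail servers

# "from <HELO name> (<reverse DNS> [<IP>]) by <stamping host>"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def trace(raw, trusted=TRUSTED_MTAS):
    """Split the Received chain into the hop we can trust and the rest."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    verified, rest = None, hops
    # Walk down from the newest stamp while it was written by a server we run.
    # The IP in the last such stamp was taken from the TCP connection itself.
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted:
            break
        verified, rest = hop, hops[i + 1:]
    return {
        "claimed_from": parseaddr(msg.get("From", ""))[1],
        "verified": verified,    # where the message really entered our network
        "unverified": rest,      # written by other hosts; may be forged
    }

if __name__ == "__main__":
    result = trace(SAMPLE)
    print("From header claims:", result["claimed_from"])
    print("Handed to us by:   ", result["verified"])
    for hop in result["unverified"]:
        print("Unverified claim:  ", hop)
```

In the sample the `From:` header names shop.example, while the only address the recipient's server actually observed belongs to isp.example; everything below that stamp is a claim made by someone else's machine.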
 

geepondy

Flashlight Enthusiast
Joined
Apr 15, 2001
Messages
4,896
Location
Massachusetts
Yeah, I figure the email address was spoofed, just wonder how it got ahold of my email address in the first place. Does one need to run a trojan horse program in addition to an anti-virus program? I see there are dedicated trojan horse scanners such as Tauscan.
 

Greta

Flashaholic
Joined
Apr 8, 2002
Messages
15,999
Location
Arizona
geep... no, the only thing that needs to exist for you to get this virus sent to you is for your email address to be in someone's... anyone's!... address book. That's it. That's all it takes. Nothing more.
 

ZENGHOST

Enlightened
Joined
Jun 29, 2002
Messages
434
Location
Mililani, HI
Yeah, it could be the same person sending you the virus with a different name as the sender. I've had this problem before where people who I don't even know will email me and tell me to stop sending them viruses (virii?)--it makes me look bad even though it's not me. If you can limit your search to people who would have both your address and the (displayed) sender's address in his/her address book, then you can probably find the source. Luckily most of the times I have this problem it's obvious who the person with the infected computer is.
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
As an additional twist, it appears that some variants of current MS-attacking viruses might be able to "mix and match" by using an address hijacked from a previous machine's address book to send to the contents of the current address book.

In that way I've seemed to have sent people I don't know a virus I don't have from an address I've never seen via an IP I've never been near. (How do I know this? The "postmaster" account at the far end notifies me, as the originator, that I've sent a virus, and includes the tracking info.)

Not only do I have anti-virus software on my machines, but they are all behind a software firewall, behind a hardware firewall and there are two levels of filtering before it even gets to my machine and has to pass MY filters. Thing is, since I don't run anything Microsoft, I probably don't need any of that protection anyway.

What really bothers me about all of this virus passing and SPAM is the tremendous amount of bandwidth it is wasting. That's one reason we all pay the prices we do: Only about 40% of the e-mail bandwidth on-line is legit e-mail, the rest is spam and viruses.

I just watch it go by.

 

e=mc²

Enlightened
Joined
Oct 2, 2000
Messages
537
Location
NJ - Land of malodorous "earl" refineries!
Wouldn't you say that e-mail traffic on the internet is like a highway system without laws? Or very few laws? You would have gridlock conditions nearly all of the time that traffic is flowing. Problem is, if you try to enforce or "regulate" email traffic, then most die-hard netizens will complain that the original concept of the internet as being "open and free" is being eroded. If not regulation, then perhaps a more strict protocol. Perhaps one that does not allow SMTP relaying of any kind, coupled with anti-spoofing technologies. I worked several years back at a major international banking corp who had their own private network, complete with 100% proprietary protocols, which defied any attempt at spoofing. After all, huge sums of money were on the line, so they paid dearly for its development and deployment, but the payoff apparently was worth it.
I just think that the current operating mechanics of the internet protocol need to be re-thought. Especially since its commercialization, things are certainly headed for trouble.


Ed.
 