For those that havn't noticed yet, a new virus has just come out which is spreading extremely rapidly. Depending on what antivirus software you use its called "W32.Bugbear(a)mm" (Norton Antivirus) or "I-Worm.Tanatos" (Kaspersky) - it may go under different names on other scanners. Both Norton and Kaspersky have only added detection of it in the last 12 hours AFAIK, and it looks like it has been in the wild in NZ at least 24 hours before updates to most scanners were able to detect it. (On topic bit :) The thing that's interesting about this particular virus is that it actively scans netblocks for machines listening on port 137 (Windows file/printer sharing) using simple incremental scans, so its quite easy to spot machines that are infected. Apparently it also sends information about the compromised machine to a pre-defined email address, and also opens a backdoor listening on TCP port 36794. As well as that, it uses the I-Frame exploit to automatically infect machines with unpatched versions of Outlook Express, and has the ability to automatically close all commonly used virus scanners whenever you try to run them. Based on the massive flood of this virus we've seen today it looks like a Klez killer has arrived..... (its outnumbering Klez by about 16 to 1 in our stats today) More info: http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear(a)mm.htm... Regards, Simon Byrnand iGRIN Internet - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog