Virus Caution
#1
Thread Starter

Joined: Oct 2002
Posts: 232
From: Hazel Green, AL
I received an email with the W32 Bugbear.b@mm virus attached this evening. It was from "R/C Groups Discussion Group Mailer", and the subject was "Reply to Post 'What Did You Get For Fathers Day'". The infection was in the attachment "address book.mdb.scr" and the size of the attachment was 70.5KB.
The reason that I am posting this is that the email and the message in the body looked identical to the R/C Universe emails that you receive when there is a reply to a thread or post that you are watching. Also, this is the only forum I belong to, so chances are it is from some low life who has read or reads RCU.
My Norton Antivirus picked it up immediately, but if you have another antivirus or none at all be sure to check your email attachments carefully. Keep your eyes open so that this gutless scum doesn't infect your computer.[>:]
Happy Flying
#2
Senior Member
My Feedback: (7)
Joined: Apr 2003
Posts: 1,089
From: Here, NJ
ORIGINAL: gfinan
Keep your eyes open so that this gutless scum doesn't infect your computer.[>:]
Happy Flying
Whoever is sending it out probably has no idea he/she is even infected.
Now if they are doing it on purpose, then I can understand the gutless scum comment....
#3

My Feedback: (7)
Joined: Feb 2002
Posts: 448
From: Bridgewater, NJ
Gfinan,
Obviously, you need to do a little research before posting in a harsh manner about RCU readers. It looks to me like a mailing worm. People get these in their email and if they don't have antivirus software, it attaches to their address book without them even knowing it. Most are a Medium Risk mass-mailing worm. This comes from the McAfee site:
"Sometimes posing as a Microsoft Security Update, this worm is intended to spread via the following methods:
Mailing itself to recipients extracted from the victim's machine. It mails itself from your machine and you don't even know it.
Copying itself over network shares (mapped drives)
Sharing itself over the KaZaa P2P network (Notorious for this)
Sending itself via IRC
The worm terminates processes relevant to various security and anti-virus products. Additionally, the worm contains its own SMTP engine to create outgoing messages to harvested email addresses from the victim's machine.
Various outgoing messages are created, with multiple subject lines and attachment names. Some make use of an Internet Explorer vulnerability to ensure the worm attachment is run upon viewing the email. When the worm is run on the victim's machine, a series of fraudulent message boxes are displayed. The worm installs itself (using a random filename) into %WinDir%, for example: C:\WINDOWS\ZNFUL.EXE."
So you see, someone has a virus and probably doesn't even know it. So it's a good thing you have AV software. Consider yourself informed.
#4
Thread Starter

Joined: Oct 2002
Posts: 232
From: Hazel Green, AL
My post may seem a little harsh, and I apologize for that. I am well aware of how worms, etc. propagate on a person's system. The worm came in the attachment to an email and has the same properties as the worm has had since it was discovered some time ago. All the sender did was attach the original worm to the email that was sent out.
The problem I have, however, is that I have never heard of a worm that can create a message body to appear as though it came from a legitimate web site without manipulation from the originator of the message. I am aware that worms spoof email addresses, headers, etc. all the time, but this one was designed to appear as though it came from RCU (I reiterate that I said appear). The email was close enough to an original one from RCU that I probably would have opened it! My only intention of this post was to warn the readers of this issue and nothing else. Also, I am not saying that the sender of the email was the originator of the worm. All I am trying to get across is to be aware.
Below is the message and header. As you can see the header is definitely bogus. But I will let you guys fight about the meaning of the rest. Next time I won't say a thing...
X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
X-Symantec-TimeoutProtection: 2
Return-Path: <[email protected]>
Received: from excellerant.com ([209.61.186.122]) by lakemtai10.cox.net
(InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with SMTP
id <20031014002959.EYDC16416.lakemtai10.cox.net@ex cellerant.com>
for <[email protected]>; Mon, 13 Oct 2003 20:29:59 -0400
Received: (qmail 10670 invoked from network); 14 Oct 2003 00:12:05 -0000
Received: from cs666968-227.satx.rr.com (HELO Cruz) (66.69.68.227)
by jaden.net with SMTP; 14 Oct 2003 00:12:05 -0000
From: "R/C Groups Discussion Mailer" <[email protected]>
Subject: Reply to post 'What Did YOU Get For Father's Day?'
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------C78NMREM465WDW"
Message-Id: <20031014002959.EYDC16416.lakemtai10.cox.net@ex cellerant.com>
Date: Mon, 13 Oct 2003 20:30:00 -0400
------------C78NMREM465WDW
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hello cruzomatic,
Dale Case has just replied to a thread you have subscribed to entitled - What Did YOU Get For Father's Day? - in the Open Discussion forum of R/C Groups Discussion.
This thread is located at:
http://www.rcgroups.com/forums/showt...........edited
There may be other replies also, but you will not receive any more notifi
------------C78NMREM465WDW--
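As an added example (not code from this thread or from any vendor named in it), the following Python walks the Received chain of a header block like the one posted above and makes explicit why the From line and the point where the mail entered the network do not agree. The sample is constructed from the quoted headers, with the addresses the page redacts replaced by example.com placeholders; the checks are heuristics for triage, not proof of spoofing.

```python
import email
import email.utils
import re

# Constructed sample modelled on the header block quoted above; redacted addresses use example.* placeholders.
RAW_MESSAGE = """\
Received: from excellerant.com ([209.61.186.122]) by lakemtai10.cox.net
Received: (qmail 10670 invoked from network); 14 Oct 2003 00:12:05 -0000
Received: from cs666968-227.satx.rr.com (HELO Cruz) (66.69.68.227)
 by jaden.net with SMTP; 14 Oct 2003 00:12:05 -0000
From: "R/C Groups Discussion Mailer" <mailer@example.com>

Hello cruzomatic,
"""

# Matches "from <rDNS> (HELO <name>) (<ip>)" and "from <host> ([<ip>])"; the
# local qmail line carries no IP, so it does not match and is skipped.
HOP_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s*(?:\(HELO\s+(?P<helo>[^)\s]+)\))?\s*\(?\[?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})", re.IGNORECASE)

def parse_hops(raw):
    """Received hops top-down: index 0 is the last relay, -1 the injection point."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"rdns": m["rdns"], "helo": m["helo"], "ip": m["ip"]})
    return hops

def from_domain(raw):
    _, addr = email.utils.parseaddr(email.message_from_string(raw).get("From", ""))
    return addr.rpartition("@")[2].lower()

def base_domain(host):
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def assess(raw):
    """Compare the claimed From domain with the host that actually injected the mail."""
    hops, sender, findings = parse_hops(raw), from_domain(raw), []
    if not hops:
        return {"origin": None, "from_domain": sender, "findings": ["no parsable Received hop"]}
    origin = hops[-1]
    if origin["helo"] and "." not in origin["helo"]:
        findings.append(f"first-hop HELO '{origin['helo']}' is not a fully qualified host name")
    if base_domain(origin["rdns"]) != base_domain(sender):
        findings.append(f"first hop {origin['rdns']} is outside the claimed From domain {sender}")
    return {"origin": origin, "from_domain": sender, "findings": findings}
```

On the sample, the first hop is a residential cable-modem host announcing itself as a bare "Cruz", while the From line claims a forum mailer, which is exactly the mismatch the post calls bogus.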
#5

My Feedback: (33)
Joined: Aug 2002
Posts: 1,147
From: Texas, TX
RC Groups is not RCU, two different sites.
But when I got hit last year with a worm, it was an attachment from a site that was rc related, and also appeared to have been a result of a posting as well.
Norton Internet Security 2003 has worked great ever since; it's MS that has been an issue lately, and my ISP's upgrade.
#7

My Feedback: (33)
Joined: Aug 2002
Posts: 1,147
From: Texas, TX
Also, this is the only forum I belong to, so chances are it is from some low life who has read or reads RCU.
I am aware that worms spoof email addresses, headers, etc. all the time, but this one was designed to appear as though it came from RCU (I reiterate that I said appear). The email was close enough to an original one from RCU that I probably would have opened it! My only intention of this post was to warn the readers of this issue and nothing else.
The attempt to warn us is appreciated immensely; it's a lot of hassle when you do get a virus.
Thanks
#9
Senior Member
Joined: Mar 2003
Posts: 443
From: southport, UNITED KINGDOM
I never give my e-mail address out. I usually use my website's free email redirection to post it to me. On the top of the email it says
[Forwarded from ****************]
The *****'s are the email it redirects it from.
#10
Thread Starter

Joined: Oct 2002
Posts: 232
From: Hazel Green, AL
rclooney,
The only reason I give out my email address is that I send out free field stand plans through the "Tips and Techniques" part of RCU. This generates about 10 - 20 emails a day. After sending out over 400 sets of plans, I guess my email is in a lot of address books. Maybe you're right, it may be time to set up a web page.
I have never been infected by a virus, but I have repaired a lot of systems which have. Most of these are people like you and me who might not be able to buy that new airplane because they have to pay me to fix their system. This is not right...
Thanks, Greg
#12
Senior Member
My Feedback: (12)
Joined: Dec 2001
Posts: 5,133
From: Pampa, TX
ORIGINAL: blue62
Whoever sent it in the first place (wrote it) is gutless scum in my opinion, and I will hope they catch him and drag him around by his dangly parts!!!
john
#13
Senior Member
My Feedback: (7)
Joined: Apr 2003
Posts: 1,089
From: Here, NJ
ORIGINAL: ChuckAuger
People who write viruses, by definition, are lacking in dangly parts.
ORIGINAL: blue62
Whoever sent it in the first place (wrote it) is gutless scum in my opinion, and I will hope they catch him and drag him around by his dangly parts!!!
john
That was probably the funniest thing I've read today! Thanks Chuck!
#15
Senior Member
My Feedback: (7)
Joined: Apr 2003
Posts: 1,089
From: Here, NJ
Depends on the virus. Some actually search documents on your computer (Word docs, HTML files, etc.) and can extract email addresses from that.
The trouble is, most people don't want to have to type in an email address when they send someone an email, so the address book is needed.