Virus/Worm Notice




Hi All,

Bob Merritt asked me to send this along. There's a new virus out that might spread through the list. It appears that a couple of copies at least went out yesterday to individuals from the list to other individuals also on the list, but not necessarily to everyone -through- the mailing list. Does that make sense? I need more coffee...

I'll give you kind of the techie run-down on it, but in short... UPDATE YOUR ANTIVIRUS PROGRAMS REGULARLY! More details may be found at http://vil.mcafee.com/dispVirus.asp?virus_k=99455&cid=3149

The worm mails itself to email addresses in the Windows Address Book, plus addresses extracted from files on the victim machine. It arrives in an email message whose subject and body are composed from a pool of strings carried within the virus. For example:

Subject: A very funny website 
or Subject: 1996 Microsoft Corporation 
or Subject: Hello,honey 
or Subject: Initing esdi 
or Subject: Editor of PC Magazine. 
or Subject: Some questions 
or Subject: Telephone number 

The file attachment name is again generated randomly, for example: 
ALIGN.pif 
User.bat 
line.bat 

Thanks to the use of the exploit described above, simply opening or previewing the message in a vulnerable mail client can result in infection of the victim machine. 

W32/Klez.h@MM ALSO MASQUERADES AS A FREE IMMUNITY TOOL in at least one of the messages used:

Subject: Worm Klez.E Immunity

Body: "Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me."

NOTE THE ABOVE TEXT IN QUOTES IS NOT WRITTEN BY ME. If you receive the above message body, discard it -- it is the virus itself!

-Dave Stragand
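
An added example, not part of the message above: a mail triage check in Python built from the indicators the notice lists. Because the subject pool and attachment names vary, it treats the `.pif`/`.bat` attachment extension as the stronger signal and the quoted subjects as a weaker one. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Subjects quoted in the notice. The worm draws on a larger pool, so a
# miss here proves nothing; a hit is only a supporting signal.
NOTICE_SUBJECTS = {
    "a very funny website", "1996 microsoft corporation", "hello,honey",
    "initing esdi", "editor of pc magazine.", "some questions",
    "telephone number", "worm klez.e immunity",
}
# Extensions from the notice's attachment examples (ALIGN.pif, User.bat).
RISKY_EXTENSIONS = (".pif", ".bat")


def triage(raw: str) -> list:
    """Return the reasons a raw RFC 822 message should be quarantined."""
    msg = message_from_string(raw)
    reasons = []
    subject = (msg.get("Subject") or "").strip().lower()
    if subject in NOTICE_SUBJECTS:
        reasons.append("subject matches notice: " + subject)
    for part in msg.walk():  # visits every MIME part, nested ones included
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append("executable attachment: " + name)
    return reasons


def build_sample(subject: str, attachment_name: str = "") -> str:
    """Construct a sample message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "list@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    if attachment_name:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    samples = [("Hello,honey", "ALIGN.pif"), ("Unlisted subject", "User.bat"),
               ("Meeting minutes", "notes.txt")]
    for subject, attachment in samples:
        print(subject, "->", triage(build_sample(subject, attachment)) or "clean")
```
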






Copyright © The Forward Look Network. All rights reserved.
