[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moderator note - viruses = KLEV



Original poster: "CRT by way of Terry Fritz <twftesla-at-qwest-dot-net>" <x-at-alaska-dot-net>

Little trick I have used for yrs for email viruses that attach themselves to
address books.  Put something like 00000.00000.00000 as your first address
book entry.  The virus program will come to a screeching halt because it's
not a valid e addy.  Is like it hits a brick wall and doesn't know what to
do.  I'm sure some savvy fool will write a program that will jump to your
second entry .....but to date I've not heard of one.  Good luck.  Hope this
helps.



Stay well,

Cheyenne


BTW - I note that the latest version of the KLEZ virus claims that the
attached file is the "cure" to the KLEZ virus...  Be very afraid.... - Terry



----- Original Message -----
From: "Tesla list" <tesla-at-pupman-dot-com>
To: <tesla-at-pupman-dot-com>
Sent: Friday, April 26, 2002 1:11 PM
Subject: Moderator note - viruses = KLEV


> Original poster: "Terry Fritz" <twftesla-at-qwest-dot-net>
>
> Hi All,
>
> I have not been following viruses lately but this may be (very probably)
> the very common "klez" virus.  It searches a computer for E-mail addresses
> and sends out viruses to them with fake sender addresses also plucked from
> the computers files.
>
> So we probably don't have a "bad" person :-)) but just a few folks PCs
with
> this virus.  I am getting a few from non list members too...
>
> http://www.wired-dot-com/news/technology/0,1282,52055,00.html
>
> "The virus can launch automatically when users click to preview or read
> e-mails bearing Klez on systems that have not been patched for a year-old
> vulnerability in Internet Explorer, Outlook and Outlook Express. Klez only
> affects PCs running Microsoft's Windows operating system."
>
> Time to run the scanners, and update widows (especially Outlook users!)
;-)
>
> Kaspersky has a little DOS thing specifically for this virus at:
>
> http://www.kaspersky-dot-com/news.html?id=591632
>
> It's the first of the "three methods of protection".  I ran it and I guess
> I am still here :-))
>
> ftp://ftp.kaspersky.ru/utils/clrav-dot-com
>
> This virus tries to get you mad at the person who "seems" to have sent it.
> But they actually have nothing to do with it...  Far greater "hunters"
than
> "i" want to bag the person that wrote this virus ;-)
>
> I guess I don't need to you to send me headers and such after all.  Just
> check you PCs out to be sure you don't have the KLEZ virus and life on
> Earth will go on :-))
>
> Cheers,
>
> Terry
>
>
>
> =================
> Hi All,
>
> I, and apparently others, have noted a few virus being sent "apparently"
> from list members.
>
> It seems too wide spread and "odd" to be a "real" virus.
>
> What I am concerned about is some "bad" person my be trying to cause us
> trouble and is sending viruses trying to make them appear to be from other
> lists members.
>
> If you get a virus sent to you apparently from someone on the list, I
would
> love for you to forward the full header information to me here at:
>
> twftesla-at-qwest-dot-net
>
> With the full original header information (cut and paste).  It is simple
to
> track down the "real" sender of the mails and "clean their clock" ;-))  I
> really don't need you to forward the virus attachments :o))  but I'll
> figure it all out.  Send a little note too explaining that you are sending
> it to me to help track down what is going on.
>
> Apparently, a few appear to be from "twftesla-at-qwest-dot-net".  That computer
> spends 95% of the time with the network cards disabled so the possibility
> of a "third party sender" is high.  I'll check the virus scanners too but
I
> don't store list member info at all here so I don't know where it could
get
> the addresses.  But the addresses seem to be very common ones...
>
>
> Of course, the Tesla list itself only sends pure ASCII text out and never
> sends file attachments any kind.  If you ever do see a file attachment
from
> or "apparently from" the Tesla list, assume it is a virus.  However, this
> thing appears to be going on "behind the scenes".
>
> Cheers,
>
> Terry
>
>