[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Moderator note - viruses = KLEV



Original poster: "Terry Fritz" <twftesla-at-qwest-dot-net>

Hi All,

I have not been following viruses lately but this may be (very probably)
the very common "klez" virus.  It searches a computer for E-mail addresses
and sends out viruses to them with fake sender addresses also plucked from
the computers files.

So we probably don't have a "bad" person :-)) but just a few folks PCs with
this virus.  I am getting a few from non list members too...

http://www.wired-dot-com/news/technology/0,1282,52055,00.html

"The virus can launch automatically when users click to preview or read
e-mails bearing Klez on systems that have not been patched for a year-old
vulnerability in Internet Explorer, Outlook and Outlook Express. Klez only
affects PCs running Microsoft's Windows operating system."

Time to run the scanners, and update widows (especially Outlook users!) ;-)

Kaspersky has a little DOS thing specifically for this virus at:

http://www.kaspersky-dot-com/news.html?id=591632

It's the first of the "three methods of protection".  I ran it and I guess
I am still here :-))

ftp://ftp.kaspersky.ru/utils/clrav-dot-com

This virus tries to get you mad at the person who "seems" to have sent it.
But they actually have nothing to do with it...  Far greater "hunters" than
"i" want to bag the person that wrote this virus ;-)

I guess I don't need to you to send me headers and such after all.  Just
check you PCs out to be sure you don't have the KLEZ virus and life on
Earth will go on :-))

Cheers,

	Terry



=================
Hi All,

I, and apparently others, have noted a few virus being sent "apparently"
from list members.

It seems too wide spread and "odd" to be a "real" virus.  

What I am concerned about is some "bad" person my be trying to cause us
trouble and is sending viruses trying to make them appear to be from other
lists members.

If you get a virus sent to you apparently from someone on the list, I would
love for you to forward the full header information to me here at:

twftesla-at-qwest-dot-net

With the full original header information (cut and paste).  It is simple to
track down the "real" sender of the mails and "clean their clock" ;-))  I
really don't need you to forward the virus attachments :o))  but I'll
figure it all out.  Send a little note too explaining that you are sending
it to me to help track down what is going on. 

Apparently, a few appear to be from "twftesla-at-qwest-dot-net".  That computer
spends 95% of the time with the network cards disabled so the possibility
of a "third party sender" is high.  I'll check the virus scanners too but I
don't store list member info at all here so I don't know where it could get
the addresses.  But the addresses seem to be very common ones...


Of course, the Tesla list itself only sends pure ASCII text out and never
sends file attachments any kind.  If you ever do see a file attachment from
or "apparently from" the Tesla list, assume it is a virus.  However, this
thing appears to be going on "behind the scenes".

Cheers,

	Terry