[FWDLK] Virus/Worm Notice

Hi All,

New virus out that might spread through the list.  It appears that a couple of copies at least went out yesterday to individuals from the list to other individuals also on the list, but not necessarily to everyone -through- the mailing list.  Does that make sense?  I need more coffee...

I'll give you kind of the techie run-down on it, but in short... UPDATE YOUR ANTIVIRUS PROGRAMS REGULARLY!

The worm mails itself to email addresses in the Windows Address Book, plus addresses extracted from files on the victim machine. It arrives in an email message whose subject and body are composed from a pool of strings carried within the virus. For example:

Subject: A very funny website
or Subject: 1996 Microsoft Corporation
or Subject: Hello,honey
or Subject: Initing esdi
or Subject: Editor of PC Magazine.
or Subject: Some questions
or Subject: Telephone number

The file attachment name is again generated randomly, for example:
  ALIGN.pif
  User.bat
  line.bat

Thanks to the use of the exploit described above, simply opening or previewing the message in a vulnerable mail client can result in infection of the victim machine.

W32/Klez.h@MM ALSO MASQUERADES AS A FREE IMMUNITY TOOL in at least one of the messages used:

Subject: Worm Klez.E Immunity

Body: "Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me."

NOTE THE ABOVE TEXT IN QUOTES IS NOT WRITTEN BY ME.  If you receive the above message body, discard it -- it is the virus itself!

-Dave

Dave Stragand
Network Analyst
Ketchum Inc.
412-456-3839

Ketchum.  Passion and Precision in Communication.
2002 PR Week Agency of the Year.
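
Added example, not part of the original message: a mail-triage check built from the indicators in the notice above, flagging the quoted subject lines and attachments with directly executable extensions. The function name, the sample messages (constructed) and the extensions beyond .pif and .bat are assumptions made for illustration.

```python
import os
from email import message_from_string
from email.message import EmailMessage

# Subject strings quoted in the notice. The worm draws from a random pool,
# so a subject hit is only a hint and must not be the sole criterion.
KNOWN_SUBJECTS = {
    "a very funny website", "1996 microsoft corporation", "hello,honey",
    "initing esdi", "editor of pc magazine.", "some questions",
    "telephone number", "worm klez.e immunity",
}
# .pif and .bat come from the notice; .exe/.scr/.com are an added assumption
# (other extensions Windows runs directly).
BLOCKED_EXTENSIONS = {".pif", ".bat", ".exe", ".scr", ".com"}


def triage(raw_message: str) -> dict:
    """Return the reasons to quarantine a message (empty dict = pass)."""
    msg = message_from_string(raw_message)
    reasons = {}
    subject = (msg.get("Subject") or "").strip().lower()
    if subject in KNOWN_SUBJECTS:
        reasons["subject"] = subject
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Trailing dots/spaces are ignored by Windows, so strip them first.
        ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
        if ext in BLOCKED_EXTENSIONS:
            flagged.append(name)
    if flagged:
        reasons["attachments"] = flagged
    return reasons


def sample(subject: str, filename: str) -> str:
    """Build a constructed test message with one harmless attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed sample body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    print(triage(sample("Worm Klez.E Immunity", "ALIGN.pif")))
    print(triage(sample("Meeting notes", "line.bat")))
    print(triage(sample("Calendar orders", "order.txt")))
```

Because the attachment name and subject are randomized, the extension check is the part that still fires when the subject is one not listed here.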



