[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Virus-Warning



On Tue, 21 May 2002, Karsten [iso-8859-1] K?nne wrote:

> On Tuesday 21 May 2002 06:52, Susanne Benkert wrote:
> | Hi,
> | has anybody on this list problems with emails containing a virus called
> | WORM_KLEZ.H?
> |
> | Since Friday I got two virus alerts from my postmaster. I believe it could
> | be anyone from thislist, that has send me that worm, because I use this
> | email address quite seldom.
> |
> | Have a nice day!
> | Susanne
>
> I also got some WORM_KLEZ.H virii in the last days (which were captured by our
> virus scanner). Looks like some bastard scanned the list archive and is now
> sending out this crap. Everybody should be careful.

Please note, regarding the identity of Bastard:

Some piece of trivia regarding klez.h: klez.h is a virus/mail-worm . It
spreads mainly through sending messages that contain copies of itself
through mail. It has an independent SMTP component that usually (alway?)
forges the "From:" header of the message. This confuses many peopl and
virus scanners.

(It doesn't forge the SMTP envelope sender, though)

Another important piece of infornmation regarding the message that
contains klez.h (this one is regarding all the klez variants, actually):

thse worms use arelatively old security hole in explorer/outlook that
allows a message author to cause the recipient to execute part of a
message automatically. This hole has been patched by microsoft over a year
ago.

Therefore anybody whose computer has been infected with klez.* has either:

* failed to install a critical security patch from the software vendor
  (try "windows updates")
* executed a piece of untrusted code from an untrusted source (a mail
  message

-- 
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir