> >The latest worm to make its way onto our discussion lists is
> >WW32.Klez.H@mm and it is quite sophisticated.
> >See http://www.symantec.com/avcenter/venc/data/w32.klez.h@...
> >for full details.
> >By 19 April, Symantec had upgraded the threat posed by this new
> >member of the Kletz family of worms to Category III, which is not
> >something to be laughed off.
> >Once having entered your machine, Kletz.H, among other things,
> >removes the start-up keys for many anti-virus products. This
> >means that, if you don't catch it before it starts to execute
> >(usually the next time you open Windows), you may not notice it
> >at all.
> >Kletz.H then chooses a random file from your machine under which
> >to hide itself, searches the Windows address book, the ICO files,
> >and any other files containing e-mail addresses to prepare for a
> >mass mailing. It may attach another random file taken from your
> >machine to the e-mail message, so the message may have two
> >attachments, one of which could be quite personal and private.
> >It chooses one of the addresses it has acquired from your
> >machine, places it on the e-mail's FROM: line, and then sends
> >itself. It contains its own SMTP engine and guesses at available
> >SMTP servers.
> >This means that you should not open a message with an attachment
> >even if it appears to be coming from a friend until you have
> >updated your virus definitions and had it inspect the files . It
> >also means that, if your machines becomes infected, you cannot
> >tell from whom the infected message came to you.
> >If you wish, you can examine the subject line for clues that the
> >message is carrying W32.Klez.H@mm. It uses a large number of
> >SUBJECT: lines, among which Symantec
> >notes the following:
> > Undeliverable mail--"[Random word]"
> > Returned mail--"[Random word]"
> > a [Random word] [Random word] game
> > a [Random word] [Random word] tool
> > a [Random word] [Random word] website
> > a [Random word] [Random word] patch
> > [Random word] removal tools
> > how are you
> > let's be friends
> > darling
> > so cool a flash,enjoy it
> > your password
> > honey
> > some questions
> > please try again
> > welcome to my hometown
> > the Garden of Eden
> > introduction on ADSL
> > meeting notice
> > questionnaire
> > congratulations
> > sos!
> > japanese girl VS playboy
> > look,my beautiful girl friend
> > eager to see you
> > spice girls' vocal concert
> > japanese lass' sexy pictures
> > The random word will be one of the
> > following:
> > new
> > funny
> > nice
> > humour
> > excite
> > good
> > powful
> > WinXP
> > IE 6.0
> > W32.Elkern
> > W32.Klez.E
> > Symantec
> > Mcafee
> > F-Secure
> > Sophos
> > Trendmicro
> > Kaspersky
> SCA Kingdom of the Outlands -- http://www.outlands.org --
> To unsubscribe from this group, send an email to: email@example.com
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Your message has been successfully submitted and would be delivered to recipients shortly.
Changes have not been saved
Press OK to abandon changes or Cancel to continue editing
Your browser is not supported
Kindly note that Groups does not support 7.0 or earlier versions of Internet Explorer.
We recommend upgrading to the latest Internet Explorer, Google Chrome, or Firefox. If you are using IE 9 or later, make sure you turn off Compatibility View.