Forwarding for your info, Lady Barbara, al-Barran--Re: [outlands] Virus warning (re: WW32.Klez.H@mm)
- Maria Martinez wrote:
> >The latest worm to make its way onto our discussion lists is
> >WW32.Klez.H@mm and it is quite sophisticated.
> >See http://www.symantec.com/avcenter/venc/data/w32.klez.h@...
> >for full details.
> >By 19 April, Symantec had upgraded the threat posed by this new
> >member of the Kletz family of worms to Category III, which is not
> >something to be laughed off.
> >Once having entered your machine, Kletz.H, among other things,
> >removes the start-up keys for many anti-virus products. This
> >means that, if you don't catch it before it starts to execute
> >(usually the next time you open Windows), you may not notice it
> >at all.
> >Kletz.H then chooses a random file from your machine under which
> >to hide itself, searches the Windows address book, the ICO files,
> >and any other files containing e-mail addresses to prepare for a
> >mass mailing. It may attach another random file taken from your
> >machine to the e-mail message, so the message may have two
> >attachments, one of which could be quite personal and private.
> >It chooses one of the addresses it has acquired from your
> >machine, places it on the e-mail's FROM: line, and then sends
> >itself. It contains its own SMTP engine and guesses at available
> >SMTP servers.
> >This means that you should not open a message with an attachment
> >even if it appears to be coming from a friend until you have
> >updated your virus definitions and had it inspect the files . It
> >also means that, if your machines becomes infected, you cannot
> >tell from whom the infected message came to you.
> >If you wish, you can examine the subject line for clues that the
> >message is carrying W32.Klez.H@mm. It uses a large number of
> >SUBJECT: lines, among which Symantec
> >notes the following:
> > Undeliverable mail--"[Random word]"
> > Returned mail--"[Random word]"
> > a [Random word] [Random word] game
> > a [Random word] [Random word] tool
> > a [Random word] [Random word] website
> > a [Random word] [Random word] patch
> > [Random word] removal tools
> > how are you
> > let's be friends
> > darling
> > so cool a flash,enjoy it
> > your password
> > honey
> > some questions
> > please try again
> > welcome to my hometown
> > the Garden of Eden
> > introduction on ADSL
> > meeting notice
> > questionnaire
> > congratulations
> > sos!
> > japanese girl VS playboy
> > look,my beautiful girl friend
> > eager to see you
> > spice girls' vocal concert
> > japanese lass' sexy pictures
> > The random word will be one of the
> > following:
> > new
> > funny
> > nice
> > humour
> > excite
> > good
> > powful
> > WinXP
> > IE 6.0
> > W32.Elkern
> > W32.Klez.E
> > Symantec
> > Mcafee
> > F-Secure
> > Sophos
> > Trendmicro
> > Kaspersky
> SCA Kingdom of the Outlands -- http://www.outlands.org --
> To unsubscribe from this group, send an email to: firstname.lastname@example.org
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/