
Forwarding for your info, Lady Barbara, al-Barran--Re: [outlands] Virus warning (re: W32.Klez.H@mm)

  • Barbara Krege
    Message 1 of 1 , Apr 26, 2002
      Maria Martinez wrote:

      > >The latest worm to make its way onto our discussion lists is
      > >W32.Klez.H@mm and it is quite sophisticated.
      > >
      > >See http://www.symantec.com/avcenter/venc/data/w32.klez.h@...
      > >for full details.
      > >
      > >
      > >By 19 April, Symantec had upgraded the threat posed by this new
      > >member of the Klez family of worms to Category III, which is not
      > >something to be laughed off.
      > >
      > >Once having entered your machine, Klez.H, among other things,
      > >removes the start-up keys for many anti-virus products. This
      > >means that, if you don't catch it before it starts to execute
      > >(usually the next time you open Windows), you may not notice it
      > >at all.
      > >
      > >Klez.H then chooses a random file from your machine under which
      > >to hide itself, searches the Windows address book, the ICO files,
      > >and any other files containing e-mail addresses to prepare for a
      > >mass mailing. It may attach another random file taken from your
      > >machine to the e-mail message, so the message may have two
      > >attachments, one of which could be quite personal and private.
      > >
      > >It chooses one of the addresses it has acquired from your
      > >machine, places it on the e-mail's FROM: line, and then sends
      > >itself. It contains its own SMTP engine and guesses at available
      > >SMTP servers.
      > >
      > >This means that you should not open a message with an attachment
      > >even if it appears to be coming from a friend until you have
      > >updated your virus definitions and had it inspect the files. It
      > >also means that, if your machine becomes infected, you cannot
      > >tell from whom the infected message came to you.
      > >
      > >If you wish, you can examine the subject line for clues that the
      > >message is carrying W32.Klez.H@mm. It uses a large number of
      > >SUBJECT: lines, among which Symantec
      > >notes the following:
      > >
      > > Undeliverable mail--"[Random word]"
      > > Returned mail--"[Random word]"
      > > a [Random word] [Random word] game
      > > a [Random word] [Random word] tool
      > > a [Random word] [Random word] website
      > > a [Random word] [Random word] patch
      > > [Random word] removal tools
      > > how are you
      > > let's be friends
      > > darling
      > > so cool a flash,enjoy it
      > > your password
      > > honey
      > > some questions
      > > please try again
      > > welcome to my hometown
      > > the Garden of Eden
      > > introduction on ADSL
      > > meeting notice
      > > questionnaire
      > > congratulations
      > > sos!
      > > japanese girl VS playboy
      > > look,my beautiful girl friend
      > > eager to see you
      > > spice girls' vocal concert
      > > japanese lass' sexy pictures
      > >
      > >
      > > The random word will be one of the
      > > following:
      > >
      > > new
      > > funny
      > > nice
      > > humour
      > > excite
      > > good
      > > powful
      > > WinXP
      > > IE 6.0
      > > W32.Elkern
      > > W32.Klez.E
      > > Symantec
      > > Mcafee
      > > F-Secure
      > > Sophos
      > > Trendmicro
      > > Kaspersky
      >
      >
      > SCA Kingdom of the Outlands -- http://www.outlands.org --