
Re: Re: Are we getting spammed or attacked on this list? / Klez WORM

I suppose I should add a bit here since I work in the field (ISP). 

What you are all likely seeing is a new strain of the Klez worm. Info is
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

It is a worm that gets into your machine (through Outlook, which tends to
be susceptible to a lot of these things), then goes through your address
book. It will send messages to people in your address book, and other
addresses it finds on your machine. It will attach random files that it
finds on your machines to the messages in addition to copies of itself.

The tricky part is that the worm forges the "from" headers in the messages
it sends and inserts addresses from the address book in the "from" field.
The result is that the messages appear to come from people other than those
who are actually infected, although there is no guarantee that other
addresses it picks will also be infected.

The messages sent by the worm typically look like the usual spam, although I
have seen some of the messages claiming to have a removal tool for the Klez
worm. It is NOT A REMOVAL TOOL. It IS the worm. The messages have very bad
grammar and are easy to spot.

I've seen a huge pick up in this worm over the past week or so and have
been receiving some 20+ copies of it a day from my customers. Norton
AntiVirus ***IF RECENTLY UPDATED*** will catch this worm before it can do
any harm.


>I have been getting an onslaught of bogus email with an attachment virus,
>and now it's coming from members of this list. I have been getting them every
>day for the past week, about a dozen or so a day, with all sorts of trick
>messages or headers to entice me into opening the attachment. One thing
>they all have in common is in Outlook when I highlight the message to delete
>it, it automatically opens the window giving me a choice of opening it or
>saving it to the hard disk... and saving it to the hard disk is the default
>setting if I hit OK... REAL SNEAKY. Be real careful of these emails folks,
>don't open any email with an attachment.

Waveform Technology
UNIX Systems Administrator
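
Added example, not part of the original message: because the worm forges the "From" header, a mail administrator looking for the machine that actually sent a copy has to read the Received line written by their own server instead. The host names, addresses and sample message below are constructed, and the Sendmail/Postfix-style Received layout is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture). mx.isp.example is a hypothetical
# edge mail server that we operate; only the line it wrote is trusted.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mailstore.isp.example with ESMTP; Mon, 22 Apr 2002 10:00:02 -0400
Received: from Abc (dialup-17.isp.example [198.51.100.17])
\tby mx.isp.example with SMTP id g3MDxx01; Mon, 22 Apr 2002 10:00:01 -0400
Received: from friend-pc (unknown [203.0.113.5])
\tby relay.forged.example; Mon, 22 Apr 2002 09:00:00 -0400
From: Alice <alice@list-member.example>
To: bob@isp.example
Subject: Klez removal tool

body
"""

# Assumed layout: "from HELO (rdns [ip]) by receiving-host ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def true_origin(raw, trusted_mx="mx.isp.example"):
    """Return the claimed From address and the peer our own MX recorded."""
    msg = message_from_string(raw)
    result = {"claimed_from": parseaddr(msg.get("From", ""))[1],
              "origin_ip": None, "origin_rdns": None}
    # Received headers are prepended, so scanning top-down reaches the line
    # written by our server before anything the sender could have supplied.
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(header)
        if m and m.group("by").lower() == trusted_mx:
            result["origin_ip"] = m.group("ip")
            result["origin_rdns"] = m.group("rdns")
            break
    return result

if __name__ == "__main__":
    info = true_origin(SAMPLE)
    print("From header claims:", info["claimed_from"])
    print("Actually handed to us by:", info["origin_rdns"], info["origin_ip"])
```

Received lines below the trusted one came with the message and can be forged just like the "From" header, so they are ignored here.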