[TenTec] weird postings virus?

Duane Budd w5ben@arrl.net
Sun, 12 May 2002 16:25:17 -0400 

I did NOT mean to stomp anyone. I asked a question. I asked
it because I would like to know if the activity of the
Norton outgoing Email protection works on virus/worm
generated "automatic" mailing.

I have received the K---virus several times, but Norton
caught it every time, as far as I know.


Duane Budd
w5ben@arrl.net
Johnson City, TN

**All outgoing Email is screened by Norton Antivirus**



-----Original Message-----
From: tentec-admin@contesting.com
[mailto:tentec-admin@contesting.com]On
Behalf Of Dave Kamp, KW0D
Sent: Sunday, May 12, 2002 12:53 PM
To: tentec@contesting.com
Subject: RE: [TenTec] weird postings virus?


Hi Duane, et al.-

Don't stomp Mike over the postings- he's not hosting it.
The virus doing
the postings is well documented in

http://securityresponse.symantec.com/avcenter/venc/data/w32.
klez.h@mm.html

It (and it's variants) are very clever.  The way it does
it's spoofing,
it's actually highly unlikely that the person indicated as
the sender has
anything to do with it.  This virus actually 'shuts off'
other viruses and
worms for stealth, and it uses email addresses pulled from
OTHER emails
(not just your address list!).  It then encloses it's
payload in with an
'inert' looking RANDOM file from the host machine, and uses
a series of
different subject headers.  It is for this reason, that the
virus
propogates well-  it can strip names from reflectors, or
emailed joke
lists... and spam.

The easy way to avoid propogating the virus, is to have such
an obsolete
system that it doesn't work.  So far, I've been
unsuccessfully attacked
about 40 times, and since this machine supports essentially
nothing
(including decoding attachments) it just doesn't get here.
(I use the
other machines for the 'real' stuff).

Take a look at the description, and the covariants.  There's
also a free
elimination program if you've got the bug.

DK  :-)

At 12:15 PM 05/12/2002 -0400, you wrote:
>Have you had your 	OUTGOING email scanned by Norton? While
>Norton has been catching any k l e z junk here (as far as I
>know) hopefully the outgoing screen will kill anything that
>is missed???
>
>Duane Budd
>w5ben@arrl.net
>Johnson City, TN


73's from KW0D Dave in LeClaire, Iowa
_______________________________________________
TenTec mailing list
TenTec@contesting.com
http://lists.contesting.com/mailman/listinfo/tentec