[Towertalk] OT-Virus???
Bill Otten <res0958z@verizon.net>
Thu, 25 Apr 2002 15:38:19 -0400
I've received notices from mail administrators (just this morning in fact)
that a mail I supposedly sent was infected. Trouble is, I don't even have
that individual's name in my address book. Here's the text of the message I
received....perhaps if someone reads it and notices the addressee as someone
in THEIR address book, it might suggest where the infected computer is.
From: <winita@wabash.net>
To: <res0958z@verizon.net>
Sent: Thursday, April 25, 2002 12:47 am
Subject: Virus Alert
> The mail message (file: 33470) you sent to wec69@wabash.net contains a
> virus. We have cleaned or quarantined the virus before delivering the text
> of the email. Please check your system for other infected files. If you need
> help, see www.antivirus.com for more information. ( Wabash.net System
> Administrator winita@wabash.net)
That being said, here's a note from one of the anti-virus sites mentioning
this virus' ability to 'spoof' an address from an infected computer and send
mail to propagate the virus:
WORM_KLEZ.I
Aliases: I-Worm.Klez.i, W32/Klez.gen@mm, KLEZ.I
(see also: description and solution)
Variant of: WORM_KLEZ.A
In the wild: No
Discovered: Apr. 20, 2002
Detection available: Apr. 20, 2002
Detected by pattern file #: 267
(still using 900-series pattern files?)
Detected by scan engine #: 5.200
Language: English
Platform: Windows
Encrypted: No
Size of virus: varies
IMPORTANT DETAILS:
Similar to the other KLEZ variants, this worm can change or spoof the
original email address in the FROM: field. It obtains the email addresses
(that it places in the FROM: field) from the infected user's address book.
This causes a non-infected user to appear as the person who has sent this
worm's malicious email. It does this to hide the real sender of the infected
email.
Honestly...this worm virus is SO prolific that I don't think it's limited to
a ham's computer. One of the hams on the list may have it, but this thing is
pervasive lately....McAfee moved it to moderate risk category. Run the virus
check programs, and use the latest data files....this worm virus is very
recent...an old virus file won't catch it!!
Bill
KC9CS
----- Original Message -----
From: "Tom Anderson" <ww5l@gte.net>
To: <Towertalk@contesting.com>
Sent: Thursday, April 25, 2002 10:54 am
Subject: [Towertalk] OT-Virus???
> Fellow Tower Talkians:
>
> Pardon the off-topic message, but I was curious if others were having the
> same problem since many of the "bounced" e-mails I describe below are
> from/to other hams.
>
> Have you been receiving a number of "bounced" e-mails recently to people
> you never sent e-mails to are e-mails infected with the W.32Klez virus??
> Or have you noticed an increasing number of "infected" e-mails according
> to whichever anti-virus program you are using?
>
> The latest bounced one was I supposedly sent to N5XX recommending he use
> an IE 6.0 "patch" that was attached. It bounced because N5XX's ISP said my
> e-mail was too long something like 100kb then Norton said it was infected
> with the W.32Klez virus on the return.
>
> I've even gotten a bunch of e-mails with no message from, just blank,
> except for the header which is sent to my e-mail address from someone I've
> never heard of or it lists "undisclosed recipients" in the "To:" address
> line.
>
> I don't even use IE, I use Netscape 4.79 since most viruses are seemingly
> written for IE than Netscape.
>
> I've got Norton anti-virus running on both incoming and outgoing, plus
> their update service is running constantly in the background (it just now
> gave me the ok that all virus definitions are updated).
>
> I even received an e-mail from/to "myself" at least with my e-mail
> address as the sender that was supposedly infected according to Norton.
>
> A special download that Norton has for the W.32Klez virus says my system
> is virus free.
>
> I hope you haven't gotten one of these messages with my e-mail address as
> the sender.
>
> Again, pardon the off-topic message, I was interested if others were
> having this same problem that seems to have gotten more severe in the last
> week to 10 days.
>
> Tom, WW5L
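
Because the worm fills the FROM: field with an address taken from an infected user's address book, a notice like the one quoted above does not identify the sending machine; the Received: lines stamped by the receiving mail servers are the usable evidence. The following Python is an added example, not part of the original post: the sample headers, host names and IP addresses are constructed, and `trace_origin` and `trusted_servers` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; every host, address and IP here is made up.
SAMPLE = """\
Return-Path: <victim@example.org>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Thu, 25 Apr 2002 00:47:01 -0500
Received: from smtp.isp.example (smtp.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id B2; Thu, 25 Apr 2002 00:46:58 -0500
Received: from Abcde (dialup-42.isp.example [203.0.113.42])
\tby smtp.isp.example with SMTP id C3; Thu, 25 Apr 2002 00:46:55 -0500
From: <victim@example.org>
To: <someone@recipient.example>
Subject: constructed example

(body omitted)
"""

# "from HELO (rdns [ip]) by SERVER": a common Received layout, assumed here.
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*"
                    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def trace_origin(raw, trusted_servers):
    """Compare the claimed From: with the hops recorded in Received: lines.

    trusted_servers: names of the mail servers you operate (hypothetical
    parameter). Only lines those servers stamped are reliable; anything
    older was written by someone else and may be forged.
    """
    msg = message_from_string(raw)
    hops = [m.groupdict() for m in
            (HOP_RE.search(v) for v in msg.get_all("Received", [])) if m]
    entry = None
    for hop in hops:                      # newest hop first
        if hop["by"].lower() not in trusted_servers:
            break                         # stamped outside our control
        entry = hop                       # oldest trusted stamp seen so far
    return {
        "claimed_from": parseaddr(msg.get("From", ""))[1],
        "entry_ip": entry["ip"] if entry else None,       # verified peer
        "earliest_ip": hops[-1]["ip"] if hops else None,  # unverified claim
    }

if __name__ == "__main__":
    print(trace_origin(SAMPLE, {"mailstore.recipient.example",
                                "mx.recipient.example"}))
```

The `entry_ip` value is the address a mail administrator can look up or report to the sending ISP; `claimed_from` is only what the sender chose to write.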