[Adrian ARC] Virus W32KLEZ
Robert J. Warwick, Ph.D.
[email protected]
Fri, 29 Nov 2002 21:19:29 -0500
I haven't gotten any, but you have to be careful about guessing the message
originator with KLEZ. It infects a machine, then "spoofs" the mailer,
making it look like someone in the address book is the originator of the
infected mail. You really can't tell where the message is originating
unless you are really good at reading headers (and have some telepathic
gifts!). While KLEZ might be coming from Joe's machine, it is just as likely
that it is coming from some machine that has Joe's name and email address in
its address book.
The bottom line is, if your machine is on the net, and you are not running
updated antivirus software, then you will be a prime target. After it gets
finished sending itself out to everyone in the address book, it then erases
significant chunks of the hard drive, leaving you with a great boat anchor.
Bob, K2IBM
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of Mark Hinkleman
> Sent: Friday, November 29, 2002 8:47 PM
> To: [email protected]
> Subject: [Adrian ARC] Virus W32KLEZ
>
>
> Is anyone else getting messages from Joe Pullen that contain the
> W32klez virus besides me.????
>
> I have recieved 2 this evening.
>
> My antivirus software caught both of them.
>
> Mark NU8Z
>
>
> --- StripMime Report -- processed MIME parts ---
> multipart/alternative
> text/plain (text body -- kept)
> text/html
> The reason this message is shown is because the post was in HTML
> or had an attachment. Attachments are not allowed.
> Please post in Plain-Text only.---
> _______________________________________________
> AdrianARC mailing list
> [email protected]
> http://mailman.qth.net/mailman/listinfo/adrianarc
>