UCE Complaint ([Qcwa] about the Klez worm and its randomly generated emails)
Jerry Sparks
[email protected]
Mon, 29 Jul 2002 23:51:48 -0400
You have sent the attached unsolicited e-mail to my
e-mail account.
I do not wish to receive such messages in the future.
Please remove my name from your lists immediately.
Have you been getting nonsense messages in your email with two files
attached, one of them an executable file; i.e., its name has an extension,
such as: .exe .bat .scr ? If so, you've been the recipient of a message
generated by the "Klez" worm.
This worm has been infecting many PCs over the last few months and affecting
many more recipients of email. It came up for discussion on Chapter 91's 2
meter net last Sunday because several of us have been finding such messages
in our in-boxes, sometimes with the address of another QCWA member as the
purported sender.
Also, we've been getting messages from mail servers telling us that a
message we sent was undeliverable to someone we don't know. But the message
referred to is not something we sent, even though our email address shows in
its From: field.
Today, Dave Matthews, K3MV, sent a very informative message about Klez. If
you want to learn more about it, click on the URL in his message below. It
will take you to a 9 page description of "W32.Klez.H@mm" worm and its
variants. This description, posted by Symantec, tells how the worm works,
how it goes about randomly assembling email messages to spread itself to
others, and what the resultant messages can look like; i.e., it shows the
lists of words from which the worm randomly picks the contents of its
messages: the subject, the body, and the names of the attached files and
their extensions.
Klez only runs on machines operating under a MS Windows OS, and then only if
one makes the mistake of launching the executable file attached to one of
its progeny. That file contains a copy of the worm, and if you cause it to
be executed, it will make itself at home on your machine. It will then
start randomly generating emails and copying addresses to the To: and From:
fields of each message from files it finds on your machine which contain
email addresses.
If you notice unexpected modem activity going on, it could be that worm at
work. The Symantec page also provides a downloadable program that will
remove the worm, if your machine is infected.
73, Dick Rucker, KM4ML
QCWA Chapter 91 Secretary
> From: "David Matthews" <[email protected]>
> Date: Mon, 29 Jul 2002 14:31:26 -0400
> To: <[email protected]>
> Subject: Info on Klez.H
>
> Hi Dick -
>
> In the QCWA net, someone had wondered if Klez.H was now cross-platform. The
> description currently posted at Symantec (Norton) shows that it does not
> affect non-Windows systems. See:
>
> http://www.sarc.com/avcenter/venc/data/[email protected]
>
> What I should have mentioned on the net is that one of the best ways to avoid
> e-mail worms is to use just about anything other than Microsoft Outlook for
> e-mail. Netscape, Eudora, and several others work fine and don't subject the
> user to the level of risk that Outlook does. Many I.T. managers refer to
> "Outlook" as "Lookout!" because of the number of problems caused by using it.
>
> 73 de K3MV
_______________________________________________
QCWA mailing list
[email protected]
http://mailman.qth.net/mailman/listinfo/qcwa