[Scan-DC] (no subject)

Spaceboy [email protected]
Sun, 2 Jun 2002 22:52:23 -0400 (EDT)


Unlike many other email viruses, Klez not only sends to addresses gathered 
from the Windows address book, web browser cache, and other files, but 
will also use a fake sender address drawn from these same sources. So what 
happened here is that somebody who either subscribes to ScanDC or reads it 
through the web got infected with Klez, and Klez randomly chose 
"[email protected]" to use as the fake sender address. This behavior 
can also cause you to receive strange bounce messages from addresses you 
did not send mail to.

Klez also happens to be more destructive to your computer than SirCam or 
most of the other email viruses. While SirCam and the like simply stick a 
few files in your Windows directory that can be deleted either by hand or 
using a virus scanner to restore your system to proper working order, Klez 
will eventually begin to overwrite your applications, pretty much 
necessitating a reinstall of everything from scratch. Not fun. Klez also 
takes advantage of a security bug in Outlook that enables it to infect the 
system as soon as the message is viewed without the user having to run any 
attachments. (Yes, this is what everybody said was impossible back when 
the "Good Times" hoax was making its rounds, but thanks to Microsoft 
innovation it's not anymore :-)

Always remember to update your antivirus software on a regular basis 
(McAfee releases updates through www.nai.com every Wednesday afternoon 
and at other times if necessary; Norton releases updates daily through 
www.symantec.com and weekly through their auto-update feature), keep up 
with Windows and IE patches from windowsupdate.microsoft.com, and always 
think twice before opening strange attachments.

On Sun, 2 Jun 2002, Belldina, Craig (NHLBI) wrote:

> Yeah, but that does not explain why email is being posted to ScanDC in your
> name. Yes, Klez attaches to your (if you're infected) email address book and
> starts shooting things off. However, Klez is just one of many that can do
> that kind of weirdness. If Yahoo! members are sending you infected mail,
> set up a "rule" in Outlook to automatically delete incoming mail,
> otherwise, it's going to forward that to us on SCAN DC. Which, still makes
> me wonder once you get email from Yahoo! members it's auto-forwarding to this
> board.
> 
> As for viruses, you are only protected when Norton decides it's serious enough
> to have an antidote posted. Most of the time, it's too little, too late.
> REACTIVE, not PROACTIVE. There are 1000's of viruses discovered every day, not
> all of them are included in Norton's, McAfee's .DAT download.
> 
> You may want to do more research & see why Yahoo! mail sent to you is being
> sent (forwarded) to ScanDC.
> 
> -Craig