Re: Klez.E warning!

From: HiramGonash <okfreddy_at_hotmail.com_at_hypermail.org>
Date: Fri, 28 Jun 2002 15:57:01 -0000

There's a ton of Klez variants. At least one of the Klez's hits your
email (usually MS Outlook) address book and forges the From: (kind of
a John thing but more insidious). The outgoing email claims to be a
disinfectant but the attachment is, in fact, the virus.

Simple rule of thumb folks: Don't open executable attachments (EXE,
COM, BAT, LNK*) or files that can have active Visual Basic content
(e.g. DOC, XLS) unless you know from whom you are receiving AND are
expecting the file. Configure your email program to NOT run an
attachment upon opening the email. Have an active virus checker like
Norton. Get a Mac or Linux.

*LNK is a nasty Microsoft bugger. You won't see this extension at all
unless you configure your machine to show it. So I could send you a
file called 'MarinacciButtNaked.jpg.lnk'. You'd open it happily
expecting to see a dude's ass but instead you get a virus or sent to a
website about bearcodes. The hidden lnk issue may have been fixed in
the newer MS OSes.

In case MS didn't make lnk visible you can do some Registry hacking
(using regedit) - I don't recommend this since you can really screw up
your system if you're not careful. But if you're like me and think
life's an adventure anyway then go into the Registry and search for
'NeverShowExt'. Hopefully you'll find an entry about lnk with a value
of either 0 or 1. Modify the value to the other.

Thanks Microsoft!

Ozzy

--- In OliveStarlightOrchestra_at_y..., "toughslush" <meurtre_at_e...> wrote:
> --- In OliveStarlightOrchestra_at_y..., "tschibasch"
> <tschibasch_at_y...> wrote:
> > Hello, folks. If interested, please read the following. It is not a
> > joke
>
> Yeah, I know. I get these all the damned time--and it isn't all via
> this web site. Some of it just flows into my e-mail directly, with no
> "OSO" designation. It's supposedly from people like SR, or Mosk,
> or others I don't recognize. They are empty, but have
> attachments--and/or text similar to what you quoted.
>
> I think you would have been getting them too, John, except that in
> at least one place--until a few days ago--Lenny had your Syvox
> address, rather than your hotmail one. So the worm has
> presumably sent most or all of yours to the nonexistent account.
>
> Fortunately, I have a Mac, so I'm not really vulnerable to Lenny's
> virus/worm/whatever. But wouldn't it be nice if he fixed this, so we
> wouldn't get all this crap any more?
>
> By my accounting, this has been going on since 6/3 or so, when I
> got my first virus spam from Lenny--both directly, and through the
> web site. (The direct one purported to be from you.)
>
> I think you would have noticed more of these, John, but I believe
> Dean cleans them up as they show up on the site.
>
> --Joy
>
>
>
> >
> > I logged on just this evening and noticed three messages which were
> > empty. They were large, but contained no text. One was from Dave M.,
> > the other from Henry, and the third from Joy. I answered Dave's
> > message before realizing what was going on. There was nothing in
> > these messages to make me suspect Lenny's computer, or anyone else's
> > for that matter.
> >
> > Then a fourth message appeared from "johnt_at_s...". Looks familiar
> > to me! This message had text inside it. Here is what it was:
> >
> >
> > Klez.E is the most common world-wide spreading worm.It's very
> > dangerous by corrupting your files.
> > Because of its very smart stealth and anti-anti-virus technic,most
> > common AV software can't detect or clean it.
> > We developed this free immunity tool to defeat the malicious virus.
> > You only need to run this tool once,and then Klez will never come
> > into your PC.
> > NOTE: Because this tool acts as a fake Klez to fool the real
> > worm,some AV monitor maybe cry when you run it.
> > If so,Ignore the warning,and select 'continue'.
> > If you have any question,please mail to me.
Received on 2002-06-28 08:57:03
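
The rule of thumb in the message above (executable extensions, documents with active content, and the hidden .lnk double extension) can be checked mechanically on attachment names. This is an added example, not part of the original post; the decoy list, the function names and the sample filenames are constructed for illustration.

```python
import os

# Extension sets taken from the rule of thumb in the message above.
EXECUTABLE = {".exe", ".com", ".bat", ".lnk"}
MACRO_CAPABLE = {".doc", ".xls"}
# Harmless-looking extensions used as a decoy (assumed list, not from the post).
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".pdf", ".mp3"}


def classify_attachment(filename):
    """Return (verdict, reason); verdict is "block", "caution" or "ok"."""
    # Win32 path handling strips trailing dots and spaces, so "a.exe. "
    # is still opened as a.exe; normalise the same way before checking.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    # Padding such as "photo.jpg      .exe" pushes the real extension out of
    # view in a narrow column, so strip it before reading the inner extension.
    inner = os.path.splitext(stem.rstrip(". "))[1]
    if last in EXECUTABLE:
        if inner in DECOY:
            return "block", f"double extension: looks like {inner}, runs as {last}"
        return "block", f"executable extension {last}"
    if last in MACRO_CAPABLE:
        return "caution", f"{last} can carry active Visual Basic content"
    return "ok", "no risky extension"


def triage(filenames):
    """Map each filename to its (verdict, reason) pair."""
    return {f: classify_attachment(f) for f in filenames}


# Constructed sample attachment names.
SAMPLES = [
    "holiday.jpg.lnk",        # shown as "holiday.jpg" when .lnk is hidden
    "photo.jpg      .EXE",    # space padding before the real extension
    "setup.exe. ",            # trailing dot and space
    "report.doc",
    "photo.jpg",
]

if __name__ == "__main__":
    for fname, (verdict, reason) in triage(SAMPLES).items():
        print(f"{verdict:8} {fname!r}: {reason}")
```

A "caution" verdict matches the post's advice for DOC and XLS: open only when the sender is known and the file is expected.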

This archive was generated by hypermail 2.3.0 : 2020-02-04 07:16:13 UTC