Off Topic: Virus Alert

One possible back door for these worms is people who retrieve email from a POP3 or hotmail/yahoo account. Our email server successfully detected a Magistrate virus today through the normal Libertyelectronics domain, but email I check from my home POP3 account got brought to my desktop. I saw the suspicious email, forwarded it to the liberty account and it got nailed. But I could have been hit on my workstation had I not noticed the suspicious tell-tale signs.

Troy Funte
Liberty Electronics

----- Original Message -----
From: Brian Boyes
To: 'vantage@yahoogroups.com'
Sent: Tuesday, May 07, 2002 11:24 AM
Subject: RE: [Vantage] Off Topic: Virus Alert


We have been getting a lot of attempts to send it to our users as well. They
keep getting caught on our mail filter. Be warned that Klez actually spoofs
the sender's address. So if you see any messages containing the virus, they
aren't actually from the person on the "from" line.

Brian Boyes,
Systems Administrator,
Precision Resource Canada Ltd.
<http://www.precisionresource.com>
<mailto:brianb@...>

> -----Original Message-----
> We seem to have been hit with a W32.Klez virus, still early,
> but it would
> seem to be particularly virulent. It appears to get past
> NAV2002 and go into stealth mode attacking .exe's..

Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and Crystal Reports and other 'goodies', please goto: http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto: http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto: http://groups.yahoo.com/group/vantage/links

We seem to have been hit with a W32.Klez virus, still early, but it would
seem to be particularly virulent. It appears to get past NAV2002 and go
into stealth mode attacking .exe's.

You can get more info from Symantec on:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Regards Chris Reed
Professional Welding Services Limited

Chris,

Are your definitions up to date? We are running NAV2002 and, while I have
seen it come in a lot, it appears that we are catching it. I haven't seen
anything that would indicate virus damage. What, in particular, is it doing?
When you say it gets past NAV2002, does that mean that there is no
notification of its presence (which I think would indicate out of date
definitions) or does NAV quarantine it and then you are having problems
anyway? I seem to remember reading somewhere that this one can infect just
by previewing the email... scary.

Anyway, I'm updating my virus defs now...

Thanks,

Carl Peters

-----Original Message-----
From: Chris Reed [mailto:chrisr@...]
Sent: Tuesday, May 07, 2002 9:46 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Off Topic: Virus Alert


We seem to have been hit with a W32.Klez virus, still early, but it would
seem to be particularly virulent. It appears to get past NAV2002 and go
into stealth mode attacking .exe's.

You can get more info from Symantec on:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Regards Chris Reed
Professional Welding Services Limited



We have been getting a lot of attempts to send it to our users as well. They
keep getting caught on our mail filter. Be warned that Klez actually spoofs
the sender's address. So if you see any messages containing the virus, they
aren't actually from the person on the "from" line.

Brian Boyes,
Systems Administrator,
Precision Resource Canada Ltd.
<http://www.precisionresource.com>
<mailto:brianb@...>

> -----Original Message-----
> We seem to have been hit with a W32.Klez virus, still early,
> but it would
> seem to be particularly virulent. It appears to get past
> NAV2002 and go into stealth mode attacking .exe's..

We got hit with it too. It got past Computer Associates InoculateIT 6.0 on
one workstation, while mine detected it and hopefully cured it. However, it
did start creating (and what else I don't know) extraneous files on the
server and I am now in the process of reinstalling the OS, and everything on
the Server. The server booted fine, but almost any application I tried to
run on the server crashed it. The files it created were: *.exe *.scr
*.pif *.bat with * being files found almost anywhere on the server.
Reformatting and reinstalling the hd on the original offending pc seems to
have stemmed the tide of infected email within our system.

The worm/virus is a network-aware worm and will create (??) files in every
mapped drive it finds.
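
A triage sketch for the file pattern reported in the post above, added here as an example and not written by any poster in this thread: it walks a share and lists files ending in .exe, .scr, .pif or .bat that reuse the base name of another file in the same folder. It assumes the post means the dropped files borrow the names of existing files; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Extensions named in the post above.
DROPPED_EXTS = {".exe", ".scr", ".pif", ".bat"}


def find_lookalike_files(root, since=None):
    """Return sorted paths under root that carry one of DROPPED_EXTS and share
    their base name with a sibling file of another type (assumed pattern).
    since: optional epoch seconds; older files are not reported."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(list)
        for name in files:
            stem, ext = os.path.splitext(name)
            by_stem[stem.lower()].append((name, ext.lower()))
        for entries in by_stem.values():
            # Only flag when a non-executable "original" sits beside the file.
            if all(ext in DROPPED_EXTS for _name, ext in entries):
                continue
            for name, ext in entries:
                if ext not in DROPPED_EXTS:
                    continue
                path = os.path.join(dirpath, name)
                if since is None or os.path.getmtime(path) >= since:
                    hits.append(path)
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample data: two documents, two look-alikes, one lone tool."""
    for rel in ("docs/budget.xls", "docs/budget.pif", "docs/notes.txt",
                "docs/notes.scr", "tools/setup.exe"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_lookalike_files(tmp):
            print(os.path.relpath(hit, tmp))
```

Passing the time of the first suspicious mail as `since` narrows the list to files written after the outbreak began; a hit is a lead for scanning and review, not proof of infection.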