Author Topic: A PC virus alert  (Read 1496 times)

Offline sandbox

« on: March 06, 2003, 10:59:00 AM »
Subject:  A powful tool

Lib.pif attachment

Not recorded on any virus security site yet.

I received it two days ago and sent it to be analyzed.

Buddha thinks he found the W32.Klez.D@mm in the attachment, but it may be a new strain.

"With Klez most likely it didn't come from your friend .......@webtv.net. It may not have even come from ....@nycap.rr.com (return path) because Klez has a built-in SMTP server. But someone who knows him has the virus. There's not much you can do. Maybe try to get your friends to run a virus scan; that's about it. That would be anyone with ........ @webtv.net address. Any headers from a Klez worm are 99.9% BS."

I was suspicious from the start because the guy whose address it came from is in the hospital and didn't have access nor the capacity to send one.

Offline Paddy

« Reply #1 on: March 06, 2003, 11:40:00 PM »
It would appear from a Google search I did that the KLEZ variant you received may be the KLEZ.H worm. Or at least that's how this person's virus software identified it.  See:

http://lists.cistron.nl/pipermail/cistron-...une/003812.html

However, it could be a new variant, since as you noted, it doesn't quite fit the definitions found at Symantec and McAfee. A number of the ones I've received didn't seem to exactly fit the descriptions either.

http://securityresponse1.symantec.com/sarc....klez.h@mm.html

KLEZ and all its horrible offspring have become a real nuisance - the aspect of not being able to determine its REAL sender from either the "from" line or the "return path" line is a pain. I've had a number of them over the past few weeks, and without knowing who sent them, it's a little difficult to help anyone. I maintain a large mailing list for our community action group and send out regular warnings for the real nasties, or if it appears that more than one member has received the same virus. Our emails go out blind carbon copied, but lots of us have large numbers of the other members in our email address books. The fact that I'm the keeper of the entire list and on a Mac has become a distinct advantage!

Offline sandbox

« Reply #2 on: March 06, 2003, 02:32:00 PM »
Thanks Paddy, Buddha found the same discrepancies as well. The trouble with this is that it came in a message about a person who is in a bad way, and many people will enthusiastically retrieve the information without a second thought. His injury has caused a hornet's nest of activity in the two-wheel community, a national figure, so you can see how this could get around at record speed.
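
Added example, not part of the thread: a Python triage of a message like the one described above, flagging the "from" / "return path" mismatch and the .pif attachment, and pulling the connecting IP from the topmost Received line. It assumes that line was written by the recipient's own mail server, which makes it the one header a worm with its own SMTP engine cannot forge; the sample message, addresses and IP are constructed.

```python
import os
import re
from email import message_from_string
from email.utils import parseaddr

# Extensions Windows will execute; .pif is the one from the first post.
RISKY_EXT = {".pif", ".scr", ".bat", ".exe", ".com", ".lnk"}

# Constructed sample: addresses, host names and IP are documentation values.
SAMPLE = """\
Return-Path: <someone@isp.example>
Received: from unknown (HELO mail.example) (203.0.113.45)
    by mx.recipient.example with SMTP; Thu, 6 Mar 2003 10:12:01 -0500
From: friend <friend@webmail.example>
To: me@recipient.example
Subject: A powful tool
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attachment
--b1
Content-Type: application/octet-stream; name="Lib.pif"
Content-Disposition: attachment; filename="Lib.pif"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def triage(raw):
    """Return the header facts worth checking before trusting the sender."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Topmost Received header: assumed to be added by our own server.
    received = msg.get_all("Received") or []
    hit = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", received[0]) if received else None
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    risky = [n for n in names if os.path.splitext(n.lower())[1] in RISKY_EXT]
    return {
        "from": from_addr,
        "return_path": return_path,
        "sender_mismatch": from_addr != return_path,
        "connecting_ip": hit.group(1) if hit else None,
        "risky_attachments": risky,
    }
```
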