
Fw: (ET) Virus in Forwarded Mail



Thanks, Steve. That is a very good and useful summary of how to deal with
this virus- and worm-infested internet world. The only thing I would add is
that you check anything that is returned to you to make sure that it is
really something you remember or have record of sending, even if it says it
came from you and has the addresses to match. I believe that the virus (or
worm, in this case) is trying to make you overconfident about an email that
looks "official" by using the "postmaster" sender name, so that you will
open the message and attachment without thinking too much about it.

Herb

----- Original Message -----
From: SteveS <ssawtelle fcc net>
To: <elec-trak cosmos phy tufts edu>
Sent: Monday, June 10, 2002 12:10 PM
Subject: Re: (ET) Virus in Forwarded Mail


> Not to continue off topic, but I think this is important:
>
> I believe the Klez (or one like it) virus uses the "returned message" as a
> way to get you to open the attachment, since you're trying to figure out
> what it was you sent. I got one of those a couple months ago. These viruses
> also use many variations of subject line so beware of that. The attachment
> names are also all over the place.
>
> In general:
>
> - Use an anti-virus program
> - Do not open attachments unless you absolutely positively know its source
> - Back up your drive often
> - Set higher security levels in email and internet settings
> - Be sure you have all the latest patches to Outlook or whatever you use
>   (it's amazing how leaky these programs are)
>
> I know it's all a pain, but it's the world we live in. Some of these newer
> viruses are vicious. Our accountant got one from someone she knew and it
> took her and our server drive out completely. We restored from backups and
> made sure her anti-virus was up to date (it wasn't before).
>
>
>
> ----- Original Message -----
> From: "Herb Crary" <jhcrary earthlink net>
> To: "Elec-trak Mail List" <>
> Sent: Monday, June 10, 2002 2:38 PM
> Subject: Fw: (ET) Virus in Forwarded Mail
>
>
> > Thanks, Dave, for clarifying some things I had neglected to mention. Some
> > of the messages even came from postmaster@someserverIdon'tremember. It said
> > that a message I had sent was being returned to me due to an error. The
> > attachments to those messages, which contained the virus, were said to be
> > emails I had sent and were rejected. I didn't recognize the user name or
> > the server name on any of them, so Klez is busily spoofing addresses on
> > someone's server and sending them to every address that it can find, which
> > evidently includes mine and some others on this list. I'm thankful for
> > Norton Anti Virus-- I can see that it checks everything that goes out as
> > well as all that comes in.
> >
> > Herb Crary
> >
> > ----- Original Message -----
> > From: David Roden (Akron OH USA) <roden ald net>
> > To: Elec-trak Mail List <elec-trak cosmos phy tufts edu>
> > Sent: Monday, June 10, 2002 7:43 AM
> > Subject: Re: (ET) Virus in Forwarded Mail
> >
> >
> > > On 9 Jun 2002 at 22:06, Herb Crary wrote:
> > >
> > > > I have received five emails in the last two days that Norton Anti
> > > > Virus has detected a virus in. It is in an attached file called
> > > > BGCOLOR.pif; the virus is W32Klez.H@mn, I believe. I have deleted each
> > > > email that contained it for safety. Someone who posts to the Elec-trak
> > > > has had their computer infected.
> > >
> > > Just to be 100% clear here, none of these has been posted to the list.
> > > Herb is receiving these messages directly from the victim, not from the
> > > list. So if you haven't received them please don't feel left out.  <g>
> > >
> > > The Klez worm is able to spoof the "from" address in emails, stealing the
> > > addresses from files and emails it finds on the victim's computer. I've
> > > received emails from a couple of friends, warning me that my computer
> > > supposedly has a virus because they received Klez worms with my name on
> > > them.  'Taint so.  My computer is clean, and the mail headers show that
> > > the messages don't originate with my ISP.  Klez is sullying my good name.
> > > <g>
> > >
> > > Apparently someone to whom Herb has sent email in the past is infected,
> > > and has the ET list's posting address somewhere in his computer.  The
> > > sender could be an ET list member, but could just as well not be.  Someone
> > > could have forwarded a copy of a post to him, or CCed him on a post.  As
> > > long as the address is on a file somewhere in his computer, Klez will find
> > > it.
> > >
> > > But it never hurts to run an extra virus scan, just in case.  Of course if
> > > you're running Linux, Windows 3.1, or some other less common OS or
> > > variant, you don't have to worry about this.
> > >
> > >
> > > David Roden - Akron, Ohio, USA
> > > 1991 Solectria Force 144vac
> > > 1991 Ford Escort Green/EV 128vdc
> > > 1970 GE Elec-trak E15 36vdc
> > > 1974 Avco New Idea 36vdc
> > > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> > > Thou shalt not send me any thing which says unto thee, "send this to all
> > > thou knowest."  Neither shalt thou send me any spam, lest I smite thee.
> > > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> > > Est. yearly US cost to safeguard Persian Gulf oil supply: $50 billion
> > > Est. 2001 value of US crude oil imports from Persian Gulf: $19 billion
> > > -- Harper's Index, April 2002
> > > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> > >
> > >
> > >
> >
> >
> >
>
>
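The checks suggested in this thread (treat an unexpected "returned mail" with an executable attachment as suspect, confirm it refers to something you actually sent, and read the headers to see whether the message came from the claimed sender's ISP) can be scripted. This is an added example, not part of the original messages; the `triage` function, its parameters, the extension list and every host name and address in the sample are made up for illustration.

```python
import email, os, re
from email import policy

RISKY_EXT = {".pif", ".scr", ".exe", ".bat", ".com", ".vbs", ".lnk"}  # assumed list

# Constructed sample of a fake "returned mail" notice; hosts and addresses are invented.
SAMPLE = """\
Received: from mx.recipient-isp.example (mx.recipient-isp.example [192.0.2.10])
\tby mail.recipient-isp.example; Mon, 10 Jun 2002 09:00:02 -0400
Received: from dialup-77.other-isp.example ([198.51.100.77])
\tby mx.recipient-isp.example; Mon, 10 Jun 2002 09:00:01 -0400
From: postmaster@someserver.example
Subject: Returned mail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

A message you sent is being returned to you due to an error.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="BGCOLOR.pif"

placeholder-bytes
--b1--
"""

def in_domain(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw, receiver_domains, claimed_isp_domains, sent_ids=()):
    msg = email.message_from_string(raw, policy=policy.default)
    handoff = None
    # Trust only Received lines written by the recipient's own provider: read
    # top-down and stop at the first line stamped by any other server.
    for h in msg.get_all("Received", []):
        m = re.search(r"from\s+([\w.-]+).*?\bby\s+([\w.-]+)", str(h), re.S)
        if not m or not in_domain(m.group(2).lower(), receiver_domains):
            break
        handoff = m.group(1).lower()  # host that handed the mail to that server
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    ids = set(re.findall(r"<[^<>\s]+@[^<>\s]+>", raw))  # Message-ID style tokens
    return {
        "handoff_host": handoff,
        "from_claimed_isp": handoff is not None and in_domain(handoff, claimed_isp_domains),
        "risky_attachments": [n for n in names if os.path.splitext(n.lower())[1] in RISKY_EXT],
        "references_sent_mail": bool(ids & set(sent_ids)),
    }
```

The ISP comparison is a heuristic, since a legitimate sender may relay through hosts outside its own domain; the attachment and sent-mail checks do not depend on it.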