  Are you a NY Verizon.net customer? You may have the Klez virus.


Author Topic:   Are you a NY Verizon.net customer? You may have the Klez virus.
triblet posted 08-07-2002 11:19 AM ET (US)
I just got a Klez infected e-mail. It originated
at IP address 151.202.189.237, which resolves
to pool-151-202-189-237.ny5030.east.verizon.net,
which is the infected machine. It's very likely
it's one of you.

It purported to come from jimh, but Klez
randomly selects one of your correspondents
for the From:, so that's a lie.

The subject was Caribee Boat Sales, which may
also be familiar to the infectee.

For more info on Klez, go to
http://www.symantec.com/avcenter/vinfodb.html
and do a search on Klez.

Chuck

jimh posted 08-07-2002 01:58 PM ET (US)
I get about 50-80 copies of the KLEZ virus daily. It makes you wonder why people would ever use OUTLOOK.

Morocco posted 08-07-2002 02:16 PM ET (US)
Jim,

What email do you use? I use Outlook because it came bundled with my DSL -- unfortunately my Eudora seems prone to crashing.

Chuck

Same thing happened to me today, too. McAfee picked it right up -- even though I never open attachments without scanning, especially when the subject is "Hey Morocco look my beautiful girl"

triblet posted 08-07-2002 10:24 PM ET (US)
It is HIGHLY unlikely that it came from JimH.

The way Klez works is that it scans for
e-mail addresses (I don't remember if it's
your address book or your e-mails) and sends
itself to those it finds, randomly selecting
the From: amongst those.

So what happened is that someone became
infected with Klez, and that someone had
both my e-mail address and JimH's in a place
Klez could find it. Klez picked JimH as the
From: and me (and everybody else) as the to:,
and sent itself on. I could tell it was
Klez by eyeball.

Klez uses a variety of subject lines to try
to get you to open the attachment. Those
subject lines vary from technical ("Klez
removal tool" or somesuch) to porn. It
doesn't matter whether you run OE or Netscape
or Mozilla or whatever. If you open it,
you get infected. Now, if you haven't kept
up on your OE maintenance, you can get
infected without explicitly opening the
attachment. Anybody who doesn't keep up
on OE maintenance is asking to get infected.

BTW, I use Netscape 4.79 for e-mail, and
will migrate to the latest Mozilla when
either I have some time to migrate some hacks
I did on Netscape to allow me to read mail
from several different systems, OR the need
to read from several systems goes away
(Nov 15 is the plan of record).

Chuck
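
The thread's point is that the From: line is chosen by the worm while the connecting IP is recorded by the receiving mail server. As an added example (not part of any post in this thread), the Python sketch below pulls both out of a message and stops at the first client outside the recipient's own servers, since Received lines below that point can be forged. The headers are constructed around the IP and hostname quoted in the first post; the mail addresses, server names and the trusted range are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers built around the IP and hostname quoted in the
# first post. Mail addresses and server names are placeholders.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
\tby mailstore.example.net with ESMTP id A1; Wed, 7 Aug 2002 11:19:10 -0400
Received: from Xyz (pool-151-202-189-237.ny5030.east.verizon.net [151.202.189.237])
\tby mx.example.net with SMTP id B2; Wed, 7 Aug 2002 11:19:05 -0400
From: jimh <jimh@example.com>
To: chuck@example.net
Subject: Caribee Boat Sales

(body omitted)
"""

# Assumption: the recipient's own mail servers live in this range.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]

# "from <helo> (<reverse-dns> [<ip>])" as recorded by the receiving server.
HOP = re.compile(r"from\s+(\S+)\s+\(([^\s\[]+)?\s*\[([0-9.]+)\]\)")


def trace(raw, trusted=TRUSTED):
    """Return the claimed sender and the first client outside our servers."""
    msg = message_from_string(raw)
    result = {"claimed_from": parseaddr(msg.get("From", ""))[1],
              "origin_ip": None, "origin_rdns": None}
    # Received lines are prepended, so the newest hop comes first. Walk down
    # only while the connecting client is one of our servers; anything below
    # the first outside client was supplied by that client and may be forged.
    for hop in msg.get_all("Received", []):
        m = HOP.search(" ".join(hop.split()))
        if not m:
            break
        try:
            ip = ipaddress.ip_address(m.group(3))
        except ValueError:
            break
        if not any(ip in net for net in trusted):
            result["origin_ip"], result["origin_rdns"] = str(ip), m.group(2)
            break
    return result


if __name__ == "__main__":
    print(trace(SAMPLE))
```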
