Author | Topic: Off topic but important. KLEZ is loose. |
JBCornwell |
posted 01-05-2003 09:15 PM ET (US)
I have gotten about 100 Emails in the past week that:
1. Have an unfamiliar boating or fishing related return address (some using screen names of members here, but not their correct Email addresses).
2. Contain no text. Only a ZIP file.
3. The Zip file contains a version of KLEZ virus.
Please delete without opening.
Red sky at night. . . |
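The three traits listed in the post above, written as a mail triage check. This is an added example, not part of the original thread; the known-sender list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts a ZIP archive

def indicators(raw, known_senders):
    """Return which of the three traits from the post a raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # 1. Compare the address, not the display name: the post notes familiar
    #    screen names paired with addresses that were not the members' own.
    addr = parseaddr(str(msg.get("From", "")))[1].lower()
    if addr not in {s.lower() for s in known_senders}:
        hits.append("unfamiliar_sender")
    # 2. No text: the body part is missing or blank.
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("no_text")
    # 3. Every attachment is a ZIP, judged by extension or by magic bytes.
    def is_zip(part):
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        return name.endswith(".zip") or data.startswith(ZIP_MAGIC)
    atts = list(msg.iter_attachments())
    if atts and all(is_zip(p) for p in atts):
        hits.append("only_zip_attachment")
    return hits

def quarantine(raw, known_senders):
    # Hold the message only when all three traits appear together.
    return len(indicators(raw, known_senders)) == 3

def build_sample(sender, text, zip_name=None):
    """Constructed test message; the 'ZIP' is a magic-byte stub, not an archive."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "reader@example.org"
    msg["Subject"] = "(constructed sample)"
    msg.set_content(text)
    if zip_name:
        msg.add_attachment(ZIP_MAGIC + b"\x00" * 16, maintype="application",
                           subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

A known correspondent who sends a ZIP with a written note trips only one indicator, so ordinary attachments are not held.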
triblet |
posted 01-05-2003 09:25 PM ET (US)
Klez has a life of its own. It's like the Energizer Bunny -- it keeps going and going and going and ... One would think that a virus which is several months old, and for which the fix was available from MS BEFORE the virus appeared in the wild, would die out quickly. Klez hasn't. One other attribute of Klez: the e-mail files Rule one of safe netting still applies: NEVER Note: the party who APPEARS to have sent the
|
waterguy |
posted 01-05-2003 10:41 PM ET (US)
Maybe an argument for the people that do not want to post their e-mail address... |
triblet |
posted 01-05-2003 11:31 PM ET (US)
Klez finds e-mail addresses by searching the Windows (Outlook) address book. The fact that an e-mail address appears here makes it no more susceptible to RECEIVING Klez UNLESS someone uses that address to add it to their address book, and then gets infected. Then you get sent a copy of Klez. With reasonable safe internetting, even then you won't get infected. I've received about 540 copies of Klez. Haven't gotten infected yet.
Chuck |
whalersman |
posted 01-05-2003 11:39 PM ET (US)
You can also buy a Macintosh... I open up the Klez Virus whenever I can and it has never affected my Macintosh. I love Macs as you can see from my Profile.... |
Dr T |
posted 01-05-2003 11:55 PM ET (US)
JB, I sent you a real Email to the address I've used in the past that touches obliquely on this topic. There should be no attachment. tds |
philmoses |
posted 01-06-2003 08:09 PM ET (US)
In response to triblet.... HUH?? I'm sorry to inform you but you could not be more WRONG in the following statement... <begin statement> One of the very interesting things about KLEZ was that it had/has the ability to retrieve email addresses from a machine's webcache, meaning you need not have any addresses in your Windows address book; if you visited a page, there was an email address on the page and it's stored in your cache, well then you can receive KLEZ. Bottom line is you need not be in anyone's address book to receive KLEZ, all you need is your email address somewhere on the web and that page stored in an infected machine's webcache. Not to make matters worse but...... forging/spoofing IP addresses is also a relatively easy task, making email *close* to not being trackable. No hard feelings, I'm just a stickler about viruses and security. Feel free to correct me when I am wrong. Phil |
kgregg |
posted 01-06-2003 09:29 PM ET (US)
Phil- I had not heard that about the Klez virus so I won't debate you on it. However, Outlook and Outlook Express users are HUGE targets for the people that write viruses (maybe not the Klez virus though) because of the nonexistent security in these two programs. The Outlook address book is effectively wide open to anyone wanting to write a virus. The virus most often sends itself to email addresses in an Outlook address book. Please keep your anti virus software up to date and consider using an email application other than Outlook. (I use Eudora) My $0.02, Kevin |
jimh |
posted 01-06-2003 09:30 PM ET (US)
There is a new PC virus every day. No classic Boston Whaler has ever been harmed by them. |
philmoses |
posted 01-06-2003 10:04 PM ET (US)
Kgregg, I agree with you completely about the address book in Windows, I just wanted to make sure it is known that the address book is not the only spreading point, that an email address here can make you more susceptible than if you're in someone's Windows Address book. Anyway, happy boating. Phil |
Tom W Clark |
posted 01-06-2003 10:06 PM ET (US)
KLEZ? Virus? What are those? |
triblet |
posted 01-06-2003 11:56 PM ET (US)
Phil, from the Symantec (i.e., Norton Anti-Virus) Virus Encyclopedia: "the worm searches the Windows address book, which is used by Microsoft Outlook, for email addresses. The worm sends an email message to these addresses with itself as an attachment." See http://www.symantec.com/avcenter/vinfodb.html It gets 24 hits, mostly on variants of Klez. Further, even if it does, our email Finally, the way Klez uses the address book
|
jimh |
posted 01-07-2003 12:55 AM ET (US)
I try to avoid having any direct "mailto:" links to users just to keep the viral spread to a minimum. |
Taylor |
posted 01-07-2003 06:40 PM ET (US)
Klez is back? Did it ever really go away? I wonder if GPS/FF combo units are susceptible. Can viruses be downloaded from GPS satellites? Perhaps the fish can figure out how to send a pattern that locks the fishfinder. Is there a piscine electronic warfare department? Are mercury motors more likely to be infected by viruses than Johnson's? What happens to a Brunswick six axis milling machine if it is attacked by a virus? And what is the result!? I think these and other related topics need to be explored much more fully. |
philmoses |
posted 01-07-2003 08:35 PM ET (US)
Triblet, You want a URL, you get a URL... http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html MOST importantly read the following... THEN IT SPECIFIES THE FILES (the "local" files mentioned on the webpage)...
As far as the infected machine being the last IP address, that's a joke, as I said, spoofing an IP address and forging an email to seem as though it came from the last IP in a header is a relatively easy task. Your email address is on a webpage here on continuouswave, which means it can be in someone's cache... http://continuouswave.com/cgi-bin/ubbmisc.cgiaction=getbio&UserName=triblet
Usually I keep my mouth shut on issues, but this was another case, hopefully I did not offend anyone. Anyway, I've gone beyond my time for *free advice*, further information on this topic needs to be charged for. Phil |
triblet |
posted 01-08-2003 10:11 AM ET (US)
OK, it does search the cache. It's far more likely to find stuff in the address book, esp. when some people run with an option that puts From: of every e-mail they receive in their address book. In the case of Klez, the infected machine IS The web page you listed 404s, but my email http://continuouswave.com/cgi-bin/Ultimate.cgi?action=email&ToWhom=triblet which I knew. As I pointed out earlier, the My advice remains free. It's probably
|