Pages in topic:   [1 2] >
WARNING: ANOTHER KLEZ VIRUS ON THE RAMPAGE
Thread poster: Parrot

Parrot  Identity Verified
Spain
Local time: 03:23
Member (2002)
Spanish to English
+ ...
Oct 23, 2002

My Norton has detected KLEZ in two e-mails that arrived from unknown sources, tagged \"allhollowmass\" in the subject line. These consist of an empty message with two files attached (may be *.scr, *.html or *.exe). Scan ALL INCOMING FILES!



Take care!



(This message was previously posted under \"Bugs\", but since that doesn\'t appear under the Forum headings, I\'m repeating it).


Direct link Reply with quote
 

italia  Identity Verified
Germany
Local time: 03:23
Italian to German
+ ...
Same happened to me!!! Oct 23, 2002

Quote:


On 2002-10-23 16:18, Parrot wrote:

My Norton has detected KLEZ in two e-mails that arrived from unknown sources, tagged \"allhollowmass\" in the subject line. These consist of an empty message with two files attached (may be *.scr, *.html or *.exe). Scan ALL INCOMING FILES!



Hi! The same happened to me!

Be careful and update your antivirus progams!!!

Regards from Germany



Take care!



(This message was previously posted under \"Bugs\", but since that doesn\'t appear under the Forum headings, I\'m repeating it).


[addsig]

Direct link Reply with quote
 

Parrot  Identity Verified
Spain
Local time: 03:23
Member (2002)
Spanish to English
+ ...
TOPIC STARTER
More details on this have already been posted under BUGS Oct 23, 2002

Please cross-check. The Version is W32.Klez.H@mm and comes in a file called \"Height.exe\". Knowing Klez, though, this may change.



Scan all purported greeting cards, this is a Trojan horse.


Direct link Reply with quote
 

Ralf Lemster  Identity Verified
Germany
Local time: 03:23
English to German
+ ...
Update virus definitions... Oct 23, 2002

Thanks for specifying it...

For Norton Antivirus users: the virus signature data is contained in the latest definitions (41016b, updated on 16 Oct 2002) - if you can\'t find them in your virus list, you should use LiveUpdate asap to update your definitions.


Direct link Reply with quote
 
mckinnc  Identity Verified
Local time: 03:23
French to English
+ ...
And I just intercepted Bugbear, sent by... Oct 23, 2002

...someone who contacted me via ProZ. I became suspicious when I saw a Word file with a .src extension after the normal .doc extension.



Be very careful. The best way to get a virus is to accept a dodgy excecutable file on to your PC via email. This way it gets around any firewalls etc. Not what you want really when you rely on your PC for your livelihood!


Direct link Reply with quote
 

Ralf Lemster  Identity Verified
Germany
Local time: 03:23
English to German
+ ...
You cannot trace the 'Bugbear' worm to a particular sender Oct 23, 2002

Quote:


On 2002-10-23 16:50, mckinnc wrote:

...sent by someone who contacted me via ProZ.



Careful here - it\' particularly easy to be jumping to conclusions, since Bugbear uses its own SMTP engine. Check the description on www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html for details, particularly the section on how it creates e-mails:



Quote:


It then uses its own SMTP engine to send itself to all email addresses that it finds. The worm also can construct addresses for the \"From:\" field using information that it harvests from the infected computer. For example, the worm may find the addresses a@a.com, b@b.com and c@c.com. The worm could create an email message addressed to a@a.com and spoof the \"From:\" address, so that it appears to come from c@b.com. The spoofed address can also be a valid email address that the worm finds on the system.



IOW the \"fact\" that the infected message looked like an e-mail sent via ProZ doesn\'t mean that this is really the case...



I wholeheartedly agree to your point about being extremely vigilant.

Direct link Reply with quote
 
Spencer Allman
United Kingdom
Local time: 02:23
Finnish to English
How not to open emails Oct 24, 2002

Hi



Excuse my ignorance but how can I not open emails and just delete them? When they appear in the preview box, how can I delete them without clicking on them and therefore downloading them?



Many thanks





Direct link Reply with quote
 
mckinnc  Identity Verified
Local time: 03:23
French to English
+ ...
Ralf, I didn't say I blamed the person concerned... Oct 24, 2002

...just that the mail came from someone who had originally conatcted me after seeing my details on the site.



Colin



Quote:


On 2002-10-23 16:59, Lemster wrote:

Quote:


On 2002-10-23 16:50, mckinnc wrote:

...sent by someone who contacted me via ProZ.



Careful here - it\' particularly easy to be jumping to conclusions, since Bugbear uses its own SMTP engine. Check the description on www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html for details, particularly the section on how it creates e-mails:



Quote:


It then uses its own SMTP engine to send itself to all email addresses that it finds. The worm also can construct addresses for the \"From:\" field using information that it harvests from the infected computer. For example, the worm may find the addresses a@a.com, b@b.com and c@c.com. The worm could create an email message addressed to a@a.com and spoof the \"From:\" address, so that it appears to come from c@b.com. The spoofed address can also be a valid email address that the worm finds on the system.



IOW the \"fact\" that the infected message looked like an e-mail sent via ProZ doesn\'t mean that this is really the case...



I wholeheartedly agree to your point about being extremely vigilant.



Direct link Reply with quote
 
mckinnc  Identity Verified
Local time: 03:23
French to English
+ ...
It's not normally the message you have to worry about... Oct 24, 2002

...Often it will be an executable file, which might have a .exe or a .src file extension, that will cause the damage if downloaded to your PC and then run.



Some web-based mail programmes have an anti-virus built in that allows you to check all attachments before downloading.



An awful lot of viruses affect people using Outlook because basic Windows security functionality is very poor and no match for somebody who wants to get in to your PC. Sometimes a virus will find all the entries in your Outlook address book and fire off mail to all the peeople concerned containing viruses.



Nothing to worry about though if you use a good firewall/anti-virus programme and take precautions with e-mail attachments.



Quote:


On 2002-10-24 06:57, Jinko wrote:

Hi



Excuse my ignorance but how can I not open emails and just delete them? When they appear in the preview box, how can I delete them without clicking on them and therefore downloading them?



Many thanks







Direct link Reply with quote
 

Ralf Lemster  Identity Verified
Germany
Local time: 03:23
English to German
+ ...
Disable the "preview" box Oct 24, 2002

Quote:


On 2002-10-24 06:57, Jinko wrote:

Hi



Excuse my ignorance but how can I not open emails and just delete them? When they appear in the preview box, how can I delete them without clicking on them and therefore downloading them?



I\'m not 100% sure if we\'re talking about the same thing when referring to the \"preview\" box. This is a function in MS Outlook / Outlook Express where you can see the content of the message just by clicking on it (without really opening it). Deactivate this function, since this is one of the favourite exploits of virus creators - you can usually trigger the virus payload simply by looking at a message in the \"preview\" box.

If you just look at message headers in the inbox, you should be able to delete individual messages without triggering an attachment, or a virus/worm that\'s embedded in a message.

Direct link Reply with quote
 

Ralf Lemster  Identity Verified
Germany
Local time: 03:23
English to German
+ ...
I know you didn't blame anyone... Oct 24, 2002

...but I\'ve seen some runaway threads after the first outbreak of \'bugbear\' blaming ProZ for spreading the virus...

[quote]

On 2002-10-24 15:56, mckinnc wrote:

...just that the mail came from someone who had originally conatcted me after seeing my details on the site.

[quote]

The nasty thing about \'bugbear\' is that not even this is certain - all it tells you is that the worm found the apparent \"sender\'s address\" on the infected machine.


Direct link Reply with quote
 

Ralf Lemster  Identity Verified
Germany
Local time: 03:23
English to German
+ ...
I know you didn't blame anyone... Oct 24, 2002

...but I\'ve seen some runaway threads after the first outbreak of \'bugbear\' blaming ProZ for spreading the virus...

[quote]

On 2002-10-24 15:56, mckinnc wrote:

...just that the mail came from someone who had originally conatcted me after seeing my details on the site.

[quote]

The nasty thing about \'bugbear\' is that not even this is certain - all it tells you is that the worm found the apparent \"sender\'s address\" on the infected machine.


Direct link Reply with quote
 

Daniel Meier  Identity Verified
Local time: 03:23
English to German
+ ...
Deleting E-Mails in OutlookExpress Oct 24, 2002

In OutlookExpress you can delete mails in the preview pane by going to the message (NOT double clicking on it!!!). Then you will see the message not actually openig it,as Ralf already said. Sometimes a window might pop up asking, whether you want to open a file, which you of course will not do, because this would load the virus into your computer. You just click Cancel, and then SHIFT+DEL. After conforming this action, it will permanently delete the message from your computer. To my knowledge this works with OutlookExpress 6.0, earlier versions might load the infected file even in the preview pane.

Direct link Reply with quote
 

Carla Trapani
Local time: 03:23
English to Italian
+ ...
webmail is the answer Oct 24, 2002

Though I update my NAV every week, I usually pre-check my mail by webmail, delete all suspect messages and then download the rest on my OE ...

better lose 5 minutes on the web than a whole afternoon !!!!



See you



Carla


Direct link Reply with quote
 
Spencer Allman
United Kingdom
Local time: 02:23
Finnish to English
Many thanks but.. Oct 25, 2002

Thanks to those of you who answered my query. However, when I click (single) on a message, it opens. So I cannot delete it without opening it. My anti-virus software detects a virus occasionally, but I would just like to delete dodgy-looking messages without opening them at all, and I can\'t,it seems. I use Outlook Express 5. Would it be worth downloading version 6 (I use Windows 9?





Direct link Reply with quote
 
Pages in topic:   [1 2] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

WARNING: ANOTHER KLEZ VIRUS ON THE RAMPAGE

Advanced search






BaccS – Business Accounting Software
Modern desktop project management for freelance translators

BaccS makes it easy for translators to manage their projects, schedule tasks, create invoices, and view highly customizable reports. User-friendly, ProZ.com integration, community-driven development – a few reasons BaccS is trusted by translators!

More info »
CafeTran Espresso
You've never met a CAT tool this clever!

Translate faster & easier, using a sophisticated CAT tool built by a translator / developer. Accept jobs from clients who use SDL Trados, MemoQ, Wordfast & major CAT tools. Download and start using CafeTran Espresso -- for free

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search