WARNING: ANOTHER KLEZ VIRUS ON THE RAMPAGE
Thread poster: Parrot

Parrot  Identity Verified
Spain
Local time: 17:54
Member
Spanish to English
Oct 23, 2002

My Norton has detected KLEZ in two e-mails that arrived from unknown sources, tagged "allhollowmass" in the subject line. These consist of an empty message with two files attached (may be *.scr, *.html or *.exe). Scan ALL INCOMING FILES!


Take care!


(This message was previously posted under "Bugs", but since that doesn't appear under the Forum headings, I'm repeating it).


 

italia  Identity Verified
Germany
Local time: 17:54
Italian to German
Same happened to me!!! Oct 23, 2002

Quote:


On 2002-10-23 16:18, Parrot wrote:

My Norton has detected KLEZ in two e-mails that arrived from unknown sources, tagged "allhollowmass" in the subject line. These consist of an empty message with two files attached (may be *.scr, *.html or *.exe). Scan ALL INCOMING FILES!


Hi! The same happened to me!

Be careful and update your antivirus programs!!!

Regards from Germany


Take care!


(This message was previously posted under "Bugs", but since that doesn't appear under the Forum headings, I'm repeating it).




 

Parrot  Identity Verified
Spain
Local time: 17:54
Member
Spanish to English
TOPIC STARTER
More details on this have already been posted under BUGS Oct 23, 2002

Please cross-check. The Version is W32.Klez.H@mm and comes in a file called "Height.exe". Knowing Klez, though, this may change.


Scan all purported greeting cards, this is a Trojan horse.


 

Ralf Lemster  Identity Verified
Germany
Local time: 17:54
English to German
Update virus definitions... Oct 23, 2002

Thanks for specifying it...

For Norton Antivirus users: the virus signature data is contained in the latest definitions (41016b, updated on 16 Oct 2002) - if you can't find them in your virus list, you should use LiveUpdate asap to update your definitions.


 

mckinnc  Identity Verified
Local time: 17:54
French to English
And I just intercepted Bugbear, sent by... Oct 23, 2002

...someone who contacted me via ProZ. I became suspicious when I saw a Word file with a .src extension after the normal .doc extension.


Be very careful. The best way to get a virus is to accept a dodgy executable file on to your PC via email. This way it gets around any firewalls etc. Not what you want really when you rely on your PC for your livelihood!


 

Ralf Lemster  Identity Verified
Germany
Local time: 17:54
English to German
You cannot trace the 'Bugbear' worm to a particular sender Oct 23, 2002

Quote:


On 2002-10-23 16:50, mckinnc wrote:

...sent by someone who contacted me via ProZ.



Careful here - it's particularly easy to be jumping to conclusions, since Bugbear uses its own SMTP engine. Check the description on www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html for details, particularly the section on how it creates e-mails:


Quote:


It then uses its own SMTP engine to send itself to all email addresses that it finds. The worm also can construct addresses for the "From:" field using information that it harvests from the infected computer. For example, the worm may find the addresses a@a.com, b@b.com and c@c.com. The worm could create an email message addressed to a@a.com and spoof the "From:" address, so that it appears to come from c@b.com. The spoofed address can also be a valid email address that the worm finds on the system.



IOW the "fact" that the infected message looked like an e-mail sent via ProZ doesn't mean that this is really the case...


I wholeheartedly agree to your point about being extremely vigilant.
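
Added example, not part of any post in this thread: a Python sketch of the two checks the posts above describe, flagging attachments whose final extension is executable (including the "document name plus executable extension" pattern) and reporting the "From:" value only as a claim, since the message author sets it. The extension lists, file names and sender address are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly (.scr and .exe are the ones named in the thread)
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs"}
# Harmless-looking extensions used as the decoy half of a double extension
DECOY_EXTS = {".doc", ".txt", ".jpg", ".htm", ".html", ".xls", ".pdf"}

def classify_filename(name: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    parts = name.strip().lower().rsplit(".", 2)
    last = "." + parts[-1] if len(parts) >= 2 else ""
    prev = "." + parts[-2] if len(parts) == 3 else ""
    if last not in EXECUTABLE_EXTS:
        return "ok"
    return "double-extension" if prev in DECOY_EXTS else "executable"

def triage(raw: bytes) -> dict:
    """Inspect a raw RFC 5322 message without opening any attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_filename(name)
        if verdict != "ok":
            findings.append((name, verdict))
    body = msg.get_body(preferencelist=("plain", "html"))
    return {
        # From: is set by whoever built the message; report it, never trust it
        "from_claimed": str(msg["From"]),
        "empty_body": body is None or not body.get_content().strip(),
        "findings": findings,
    }

def build_sample() -> bytes:
    """Constructed sample: empty body, three attachments, made-up sender."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("")
    for fname in ("report.doc.scr", "card.exe", "notes.txt"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return bytes(msg)

if __name__ == "__main__":
    print(triage(build_sample()))
```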


 

Spencer Allman
United Kingdom
Local time: 16:54
Finnish to English
How not to open emails Oct 24, 2002

Hi


Excuse my ignorance but how can I not open emails and just delete them? When they appear in the preview box, how can I delete them without clicking on them and therefore downloading them?


Many thanks




 

mckinnc  Identity Verified
Local time: 17:54
French to English
Ralf, I didn't say I blamed the person concerned... Oct 24, 2002

...just that the mail came from someone who had originally contacted me after seeing my details on the site.


Colin


Quote:


On 2002-10-23 16:59, Lemster wrote:

Quote:


On 2002-10-23 16:50, mckinnc wrote:

...sent by someone who contacted me via ProZ.



Careful here - it's particularly easy to be jumping to conclusions, since Bugbear uses its own SMTP engine. Check the description on www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html for details, particularly the section on how it creates e-mails:


Quote:


It then uses its own SMTP engine to send itself to all email addresses that it finds. The worm also can construct addresses for the "From:" field using information that it harvests from the infected computer. For example, the worm may find the addresses a@a.com, b@b.com and c@c.com. The worm could create an email message addressed to a@a.com and spoof the "From:" address, so that it appears to come from c@b.com. The spoofed address can also be a valid email address that the worm finds on the system.



IOW the "fact" that the infected message looked like an e-mail sent via ProZ doesn't mean that this is really the case...


I wholeheartedly agree to your point about being extremely vigilant.



 

mckinnc  Identity Verified
Local time: 17:54
French to English
It's not normally the message you have to worry about... Oct 24, 2002

...Often it will be an executable file, which might have a .exe or a .src file extension, that will cause the damage if downloaded to your PC and then run.


Some web-based mail programmes have an anti-virus built in that allows you to check all attachments before downloading.


An awful lot of viruses affect people using Outlook because basic Windows security functionality is very poor and no match for somebody who wants to get in to your PC. Sometimes a virus will find all the entries in your Outlook address book and fire off mail to all the people concerned containing viruses.


Nothing to worry about though if you use a good firewall/anti-virus programme and take precautions with e-mail attachments.


Quote:


On 2002-10-24 06:57, Jinko wrote:

Hi


Excuse my ignorance but how can I not open emails and just delete them? When they appear in the preview box, how can I delete them without clicking on them and therefore downloading them?


Many thanks





 

Ralf Lemster  Identity Verified
Germany
Local time: 17:54
English to German
Disable the "preview" box Oct 24, 2002

Quote:


On 2002-10-24 06:57, Jinko wrote:

Hi


Excuse my ignorance but how can I not open emails and just delete them? When they appear in the preview box, how can I delete them without clicking on them and therefore downloading them?



I'm not 100% sure if we're talking about the same thing when referring to the "preview" box. This is a function in MS Outlook / Outlook Express where you can see the content of the message just by clicking on it (without really opening it). Deactivate this function, since this is one of the favourite exploits of virus creators - you can usually trigger the virus payload simply by looking at a message in the "preview" box.

If you just look at message headers in the inbox, you should be able to delete individual messages without triggering an attachment, or a virus/worm that's embedded in a message.


 

Ralf Lemster  Identity Verified
Germany
Local time: 17:54
English to German
I know you didn't blame anyone... Oct 24, 2002

...but I've seen some runaway threads after the first outbreak of 'bugbear' blaming ProZ for spreading the virus...

Quote:

On 2002-10-24 15:56, mckinnc wrote:

...just that the mail came from someone who had originally contacted me after seeing my details on the site.

The nasty thing about 'bugbear' is that not even this is certain - all it tells you is that the worm found the apparent "sender's address" on the infected machine.


 


Daniel Meier  Identity Verified
Local time: 17:54
English to German
Deleting E-Mails in OutlookExpress Oct 24, 2002

In OutlookExpress you can delete mails in the preview pane by going to the message (NOT double clicking on it!!!). Then you will see the message without actually opening it, as Ralf already said. Sometimes a window might pop up asking whether you want to open a file, which you of course will not do, because this would load the virus into your computer. You just click Cancel, and then SHIFT+DEL. After confirming this action, it will permanently delete the message from your computer. To my knowledge this works with OutlookExpress 6.0, earlier versions might load the infected file even in the preview pane.

 

Carla Trapani
Local time: 17:54
English to Italian
webmail is the answer Oct 24, 2002

Though I update my NAV every week, I usually pre-check my mail by webmail, delete all suspect messages and then download the rest on my OE ...

better lose 5 minutes on the web than a whole afternoon !!!!


See you :)

Carla


 

Spencer Allman
United Kingdom
Local time: 16:54
Finnish to English
Many thanks but.. Oct 25, 2002

Thanks to those of you who answered my query. However, when I click (single) on a message, it opens. So I cannot delete it without opening it. My anti-virus software detects a virus occasionally, but I would just like to delete dodgy-looking messages without opening them at all, and I can't, it seems. I use Outlook Express 5. Would it be worth downloading version 6 (I use Windows 98)?




 