Author Topic: Bombarded with Klez Worm today, Be careful  (Read 248 times)

Offline Vermillion

  • Platinum Member
  • ******
  • Posts: 4012
Bombarded with Klez Worm today, Be careful
« on: August 06, 2002, 04:08:36 PM »
Hey Guys

Everyone should make sure their anti-virus scanner is up to date.

I've been bombarded today by the Klez worm (luckily my antivirus on both machines is up to date) coming from 3 distinct email addresses.

7 from a  money at something
1 from    mvermillion at something
4 from a  karen2000  something  

The worst part is that the virus seems to be one of the nastier variants that then emails itself back out and "signs it" from one of the names that it picked up from the address book, not necessarily from the computer it came from.  So it could be coming from somewhere else than it seems.  I know this, because I've had 3 bounces back of the same virus coming back to my box, with my address in the "sent from" box, and its "to address" are ones I've never seen before and I don't know.

So if you guys get sent something supposedly from me with a 100k to 150k attachment, it's not from me.

I would also make sure (depending on your email program) you have any "Microsoft viewers" turned off, which simulate Outlook.  HTML turned off, especially any ability to run executables from HTML code (or any other code for that matter) in the HTML.  And make sure that any "preview" is set to ascii text only.

Just an FYI

Verm
« Last Edit: August 06, 2002, 06:52:14 PM by Vermillion »

Offline Innominate

  • Gold Member
  • *****
  • Posts: 2702
Bombarded with Klez Worm today, Be careful
« Reply #1 on: August 06, 2002, 05:30:16 PM »
I find it hard to believe that anyone still uses outlook.  Even harder to believe that "do not run unknown programs emailed to you" is still something people need to be told.

Offline -ammo-

  • Platinum Member
  • ******
  • Posts: 5124
Bombarded with Klez Worm today, Be careful
« Reply #2 on: August 06, 2002, 05:34:58 PM »
thx verm. I have seen the klez virus lately also.  
I use Outlook, and like it:) What email clients are you guys using?
Commanding Officer, 56 Fighter Group
Retired USAF - 1988 - 2011

Offline Innominate

  • Gold Member
  • *****
  • Posts: 2702
Bombarded with Klez Worm today, Be careful
« Reply #3 on: August 06, 2002, 05:51:47 PM »
I usually use pine.

With windows, I've always liked eudora.

HTML email is evil, and whoever had the idea "hey we can make our email client act like a web browser!"  should be drawn, quartered, and forced to run a public outlook virus helpdesk.

Offline Wlfgng

  • Platinum Member
  • ******
  • Posts: 5252
      • http://www.nick-tucker.com
Bombarded with Klez Worm today, Be careful
« Reply #4 on: August 06, 2002, 05:53:47 PM »
linux Emumail

Offline Chairboy

  • Probation
  • Plutonium Member
  • *******
  • Posts: 8221
      • hallert.net
Bombarded with Klez Worm today, Be careful
« Reply #5 on: August 06, 2002, 06:02:23 PM »
I prefer to just telnet straight into port 110 and act like a mail client.

+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
APOP chairboy c4c9334bac560ecc979e58001b3e22fb
+OK chairboy's maildrop has 2 messages (320 octets)
STAT
+OK 2 320
LIST
+OK 2 messages (320 octets)
1 120
2 200
.
RETR 1
+OK 120 octets
(Now my mail server sends me the first message)
.
DELE 1
+OK message 1 deleted
RETR 2
+OK 200 octets
(at this point, my mail server sends me my 2nd message)
.
DELE 2
+OK message 2 deleted
QUIT
+OK chairboy POP3 server signing off (maildrop empty)

It's easy, y'all, and secure.

:D
"When fascism comes to America it will be wrapped in the flag and carrying a cross." - Sinclair Lewis

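Added example, not part of Chairboy's post or the original thread: the APOP line in the session above sends an MD5 digest of the greeting's timestamp plus a shared secret instead of the password, while everything else on port 110 stays plaintext. The Python below recomputes and checks that digest; the secret `tanstaaf` is an assumption taken from the RFC 1939 example that uses this same banner and digest, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed from the session above (digest written without the wrap space).
# The shared secret is an assumption: "tanstaaf" is the secret RFC 1939 uses
# with this same banner and digest; it does not appear in the thread.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
APOP_LINE = "APOP chairboy c4c9334bac560ecc979e58001b3e22fb"
SHARED_SECRET = "tanstaaf"


def banner_timestamp(greeting):
    """Return the <...@...> timestamp from a POP3 greeting, or None if absent."""
    match = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    return match.group(0) if match else None


def apop_digest(timestamp, secret):
    """APOP digest: hex MD5 of the banner timestamp followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def verify_apop(greeting, apop_line, secret):
    """Server-side check: recompute the digest and compare in constant time."""
    timestamp = banner_timestamp(greeting)
    parts = apop_line.split()
    if timestamp is None or len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    return hmac.compare_digest(apop_digest(timestamp, secret), parts[2].lower())


def credential_exposure(client_lines):
    """Label what a passive observer of the plaintext session learns per command."""
    labels = []
    for line in client_lines:
        verb = line.split(" ", 1)[0].upper()
        if verb == "PASS":
            labels.append("password in cleartext")
        elif verb == "APOP":
            labels.append("MD5 digest only, open to offline guessing")
        elif verb == "RETR":
            labels.append("message body in cleartext")
    return labels


if __name__ == "__main__":
    print(verify_apop(GREETING, APOP_LINE, SHARED_SECRET))
    print(credential_exposure(["APOP chairboy <digest>", "RETR 1"]))
```
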
Offline Vermillion

  • Platinum Member
  • ******
  • Posts: 4012
Bombarded with Klez Worm today, Be careful
« Reply #6 on: August 06, 2002, 06:53:16 PM »
Personally, I use Eudora Light.

And then I make sure to set it up, the way I describe above

Offline Innominate

  • Gold Member
  • *****
  • Posts: 2702
Bombarded with Klez Worm today, Be careful
« Reply #7 on: August 06, 2002, 07:32:42 PM »
Quote
Originally posted by Chairboy
I prefer to just telnet straight into port 110 and act like a mail client.
 


Telnet?
BAH.

cat /var/mail/sirrobin|more

Offline senna

  • Persona Non Grata
  • Silver Member
  • ****
  • Posts: 1318
Bombarded with Klez Worm today, Be careful
« Reply #8 on: August 06, 2002, 07:42:14 PM »
+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>
APOP chairboy c4c9334bac560ecc979e58001b3e22fb
+OK chairboy's maildrop has 2 messages (320 octets)
STAT
+OK 2 320
vrfy Al Gore
+Kurt.Tank@FockeWulf.gmbh.com


Oh oh

:D

Offline Puke

  • Parolee
  • Nickel Member
  • ***
  • Posts: 759
      • http://members.cox.net/barking.pig/puke.htm
Bombarded with Klez Worm today, Be careful
« Reply #9 on: August 07, 2002, 10:15:50 AM »
Though I have a home office, my work REQUIRES that I use Outlook.  I'm out a job if I don't have it.  It has to do with how assignments are assigned and statused and then reports sent back.  If I had my way...

Offline LePaul

  • Platinum Member
  • ******
  • Posts: 7988
Bombarded with Klez Worm today, Be careful
« Reply #10 on: August 07, 2002, 10:48:31 AM »
My mailserver is unique, it takes email into a spool folder, which Norton AntiVirus hones in on, and removes the virus before being processed by the mail server.  Slight CPU overhead but it's a dual cpu machine.  Never been email virus'd nor have any of my customers.

In Norton's infinite wisdom, none of their newer home/office products will install on Windows NT Server (or anything "Server").  Their thought is if you can afford a server, you can pay $999 for a $49 virus scanner...  :rolleyes:

(Norton AntiVirus 2000 installs fine on NT and for $9.95 yearly, you can subscribe for all the virus updates....FYI)


Oh, and I use Outlook.  Got tired of the yearly "pay $49 for Eudora Pro" that doesn't do anything substantially better than the Light version.  Kooky me thought I'd be a nice guy and PAY for the Pro version since I'd enjoyed the Light version so much.  No good deed goes unpunished  :)

Offline Turbot

  • Silver Member
  • ****
  • Posts: 1122
Bombarded with Klez Worm today, Be careful
« Reply #11 on: August 07, 2002, 11:53:36 AM »
free online virus scan

http://www.antivirus.com

or

http://www.trendmicro.com

Look under free tools on top menu bar

Offline Flossy

  • Aces High CM Staff (Retired)
  • Plutonium Member
  • *******
  • Posts: 11070
      • Flossy's Website
Bombarded with Klez Worm today, Be careful
« Reply #12 on: August 07, 2002, 12:16:38 PM »
Quote
Originally posted by -ammo-
What email clients are you guys using?
I use TheBat - very powerful email program, especially as I can filter all my email into various folders according to what it's about or how it's addressed - like for scenarios, I use scenarios@flos.clara.co.uk and any email to that address automatically gets sorted into my Scenarios folder....  :)
Flossy {The Few}
Female Flying For Fun

Offline bloom25

  • Silver Member
  • ****
  • Posts: 1675
Bombarded with Klez Worm today, Be careful
« Reply #13 on: August 07, 2002, 01:30:24 PM »
Telnet is NOT secure.  Your username and password are sent as ASCII text.

Use SSH.  Putty is a free program that allows some other fun things like X11 tunneling (if you need to use X windows) through SSH.

Offline Chairboy

  • Probation
  • Plutonium Member
  • *******
  • Posts: 8221
      • hallert.net
Bombarded with Klez Worm today, Be careful
« Reply #14 on: August 07, 2002, 02:07:23 PM »


Secure from Outlook Worms.

"When fascism comes to America it will be wrapped in the flag and carrying a cross." - Sinclair Lewis