IMPORTANT VIRUS INFO


Posted by canuck154 (LadderOp) (Ranked 17 on Canasta (Iplay) Ladder) on May 23, 2002 at 08:44:56:

Hi All....I copied and pasted this here as it contains some good info about the KLEZ virus. This virus is making the rounds once again, so please be careful.
Hugs.....Cindy

Posted by llort0 (Ladder Staff) (Ranked 248 on Euchre (Yahoo) Ladder) on May 22, 2002 at 21:14:40:

WORM_KLEZ.G has really exploded these past couple of weeks and a lot of people do not understand the hows and whys etc.
This is a short blurb and I have the link for the fix and more technical information.

If this is too Technical or you want "CUT TO THE CHASE" just click the link and follow instructions. Download fix and save it where you can find it.
It should be noted it is possible to have this Virus and not yet be terribly infected.

The worm mass mails itself to recipients found in the default Windows Address Book (WAB) of the infected computer.

Like other KLEZ variants, this worm may change or spoof the original email address in the FROM: field. It obtains the email addresses (that it places in the FROM: field) from the files it found in the host computer.
The actual email address of the sender is found in the Envelope From field. The email address is taken from the email address of the infected user’s SMTP account.

It then constructs the HTML mail, which contains the base64 encoded worm copy. It randomly generates the filename of the attachment.

It then sends commands to the SMTP server to create and send an email. The subject and message body of the email may be randomly composed.

It does not require the email receiver to open the attachment for it to execute. It uses a known vulnerability in Internet Explorer-based email clients to execute the file attachment automatically. This vulnerability is known as Automatic Execution of Embedded MIME type. The infected email contains the executable attachment registered as content-type of audio/x-wav or sometimes audio/x-midi, so that when recipients view the infected email, the default application associated with audio files is opened. This is usually the Windows Media Player. The embedded .EXE file cannot be viewed in Microsoft Outlook. More information about this vulnerability is available at Microsoft’s Security Bulletin.

The key here is that careful watching of the subject lines, coupled with the fact that you have never received an email from them before, should say nope, delete.
If you are running Outlook Express and the Default settings YOU ARE AT RISK.
A preview pane means you have opened the email.
To shut this off, go View/Layout and at bottom UNCHECK show Preview Pane!!!!!!
This will give you one window with the list of Emails.

Mass-mailing routine
chosen from the following:

How are you
let's be friends
Darling
So cool a flash,enjoy it
Your password
honey
some questions
Please try again
Welcome to my hometown
The Garden of Eden
Introduction on ADSL
meeting notice
questionnaire
congratulations
Sos!
Japanese girl VS playboy
Look,my beautiful girl friend
Eager to see you
Spice girls' vocal concert
Japanese lass' sexy pictures
Undelivarable mail-“%s”
Returned mail-“%s”
a %s %s game
a %s %s tool
a %s %s website
a %s %s patch
%s removal tools

Where %s can be any of the following words:
new
funny
nice
humour
excite
good
powful
WinXP
IE 6.0
W32.Elkern
W32.Klez.E
Symantec
Mcafee
F-Secure
Sophos
Trendmicro
Kaspersky


http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.G

Sincerely,

Stephen
llort0
Cases Ladder SrStaff
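
The content-type mismatch described in the post above can be checked on the receiving side. This is an added example, not part of the original post: it flags parts declared as audio/x-wav or audio/x-midi whose filename or first bytes indicate an executable. The extension list beyond .exe, the `MZ` magic-byte check, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Audio types named in the post; the extension list beyond .exe is an assumption.
AUDIO_TYPES = {"audio/x-wav", "audio/x-midi"}
EXEC_EXTS = (".exe", ".scr", ".pif", ".bat", ".com")

def suspicious_parts(raw: bytes):
    """Flag MIME parts declared as audio that actually carry an executable."""
    findings = []
    for part in message_from_bytes(raw).walk():
        ctype = part.get_content_type()
        if ctype not in AUDIO_TYPES:
            continue
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""   # undo base64 encoding
        reasons = []
        if name.endswith(EXEC_EXTS):
            reasons.append("executable extension")
        if body[:2] == b"MZ":                          # DOS/PE magic bytes
            reasons.append("MZ header")
        if reasons:
            findings.append((name, ctype, reasons))
    return findings

def build_sample(subtype: str, filename: str, data: bytes) -> bytes:
    """Constructed test message: HTML body plus one base64 'audio' attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("<html><body>hi</body></html>", subtype="html")
    msg.add_attachment(data, maintype="audio", subtype=subtype, filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    fake_exe = b"MZ" + b"\x00" * 32          # constructed bytes, not a real program
    real_wav = b"RIFF\x24\x00\x00\x00WAVEfmt "
    for sub, fn, data in [("x-wav", "song.exe", fake_exe),
                          ("x-midi", "tune.mid", fake_exe),
                          ("x-wav", "song.wav", real_wav)]:
        print(fn, suspicious_parts(build_sample(sub, fn, data)))
```

The second sample shows why the content check matters: a part named `tune.mid` passes an extension filter but is still caught by its leading bytes.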




Copyright 1996 - 2024 Case's Ladder / Thulium Software, LLC. All Rights Reserved.