Someone might have asked this already, but
can’t the ajug mail servers deny the relay of
any and all attachments?
This is from Symantec’s site about
W32.Klez.*
The
body of the email message is random.
NOTES:
- Because this worm uses a
randomly chosen address that it finds on an infected computer as the "From:" address,
numerous cases have been reported in which users of uninfected computers received
complaints that they sent an infected message to someone else.
For example, Linda Anderson is using a computer that is infected with
W32.Klez.H@mm. Linda is not using a antivirus
program or does not have current virus definitions. When W32.Klez.H@mm
performs its emailing routine, it finds the email address of Harold Logan.
It inserts Harold's email address into the "From:" portion of an
infected message that it then sends to Janet Bishop. Janet then contacts
Harold and complains that he sent her an infected message, but when Harold
scans his computer, Norton AntiVirus does not
find anything--as would be expected--because his computer is not infected.
If you are using a current version of Norton AntiVirus
and have the most recent virus definitions, and a full system scan with
Norton AntiVirus set to scan all files does not
find anything, you can be confident that your computer is not infected
with this worm.
- There have been several reports
that, in some cases, if you receive a message that the virus has sent
using its own SMTP engine, the message appears to be a "postmaster
bounce message" from your own domain. For example, if your email
address is jsmith@anyplace.com, you could receive a message that appears
to be from postmaster@anyplace.com, indicating that you attempted to send
email and the attempt failed. If this is the false message that is sent by
the virus, the attachment includes the virus itself. Of course, such
attachments should not be opened.
- The message may be disguised as
an immunity tool. One version of this false message is as follows:
Klez.E
is the most common world-wide spreading worm. It's very dangerous by
corrupting your files. Because of its very smart stealth and
anti-anti-virus technic,most
common AV software can't detect or clean it.We
developed this free immunity tool to defeat the malicious virus. You only
need to run this tool once,and
then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me.
-----Original Message-----
From: newsletter
[mailto:newsletter@nami-eastside.org]
Sent: Thursday, June 06, 2002 12:59 AM
To: ajug-jobs@ajug.org
Subject: Worm Klez.E immunity
Klez.E is the most common world-wide spreading
worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV
software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV
monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail
to me.
|