The following message had attachment(s) which contained the viruses: >From : [EMAIL PROTECTED] To : [EMAIL PROTECTED] Subject : Questionnaire Date : Wed, 05 Jun 2002 06:57:28 -0400 Message-ID:
Attachment Virus name Action taken ------------------------------------------------------------------------------ cf325292514.att Exploit.IFrame.FileDownloadRemoved *** KLEZ ALERT *** UPDATED MAY 6 2002 If this notification was generated due to any Klez virus variant (see above), then you should keep reading, since your machine might be infected by the virus. Some URLs in this message below may wrap to a second line. If that occurs, clicking on them does not work. To follow a multi-line link, please copy and paste its parts into your browser's address window to reassemble it into a working URL. Note that if your network uses other protocols for e-mail delivery other than SMTP (for example, POP3), Klez could find its way onto your network without your SMTP proxy getting the chance to strip the executable attachment. KLEZ FORWARDS RANDOM FILES In the last 30 days, experts have found that Klez.H sometimes attaches a random file from your hard drive into the infected e-mail it sends from your machine. Thus, a Klez.H-infected e-mail will include two attachments. One is the infected .EXE, .BAT, .PIF or .SCR file, and the second is some random file from the sender's computer. Although this second file is not infected by the worm, it could contain sensitive information the sender does not intend you to see. If you are infected with Klez.H, know that it could send sensitive documents to your e-mail contacts. This ZDnet story <http://techupdate.zdnet.co.uk/story/0,,t481-s2108922,00.html> includes details on this aspect of Klez.H. KLEZ FORGES "FROM" AND "TO" E-MAIL HEADERS Some of your may already know that Klez.H will forge the "From:" header with a random e-mail address it finds on the infected PC. This means that if you receive the Klez.H worm, the person it appears to be from is not really the person who sent it. Many professionals are worried that this worm will harm their reputation since their clients might see their e-mail address as the sender. If you receive Klez.H e-mails, keep in mind it is not really coming from the sender you see in the e-mail header. Finally, if you are accused of sending the Klez.H worm you could send your accuser this article <http://www.wired.com/news/technology/0,1282,52055,00.html> from Wired in order to clear up the misunderstanding. MORE INFORMATION For more information, see sources such as Symantec at: <http:[EMAIL PROTECTED] tml> **********************************************************************
