Re: [LIB] Worm Klez.E immunity
Date: Tue, 13 Aug 2002 07:32:45 + From: neil barnes [EMAIL PROTECTED] Subject: Re: [LIB] Worm Klez.E immunity From: Pres Waterman [EMAIL PROTECTED] Received: from mail77.basiclink.com ([65.174.100.24]) by mc2-f30.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Mon, 12 Aug 2002 21:47:38 -0700 Received: from mail77.basiclink.com (65.174.102.137) by BL24 (MailMax 4. 8. 3. 0) with ESMTP id 39682368 for [EMAIL PROTECTED]; Mon, 12 Aug 2002 21:46:11 -0700 PDT Date: Mon, 12 Aug 2002 23:26:04 -0400 From: Pres Waterman [EMAIL PROTECTED] Subject: Re: [LIB] Worm Klez.E immunity FONTKlez.E is the most common world-wide spreading worm.It's very deleted klez default message You know, this sounds JUST like Neil. Yup yup yup Yup, definitely me, couldn't be mistaken :) Do we have a Richard@Birmingham2000 on the books? Neil _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com ** http://libretto.basiclink.com - Libretto mailing list http://www.silverace.com/libretto/ - Archives ---TO UNSUBSCRIBE--- Reply to any of the list messages. The reply mail should be addressed to: [EMAIL PROTECTED] - Then replace any text on the message's subject line: cmd:unsubscribe TO UNSUBSCRIBE DIGEST-- Do above but with this on subject line: cmd:unsubscribe digest **
[LIB] Worm Klez.E immunity
Date: Mon, 12 Aug 2002 23:06:47 -0400 (EDT) From: nailed_barnacle [EMAIL PROTECTED] Subject: Worm Klez.E immunity HTMLHEAD/HEADBODY FONTKlez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.br Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.br We developed this free immunity tool to defeat the malicious virus.br You only need to run this tool once,and then Klez will never come into your PC.br NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.br If so,Ignore the warning,and select 'continue'.br If you have any question,please a href=mailto:[EMAIL PROTECTED]mail to me/a./FONT/BODY/HTML ** http://libretto.basiclink.com - Libretto mailing list http://www.silverace.com/libretto/ - Archives ---TO UNSUBSCRIBE--- Reply to any of the list messages. The reply mail should be addressed to: [EMAIL PROTECTED] - Then replace any text on the message's subject line: cmd:unsubscribe TO UNSUBSCRIBE DIGEST-- Do above but with this on subject line: cmd:unsubscribe digest **
Re: [LIB] Worm Klez.E immunity
Date: Mon, 12 Aug 2002 23:26:04 -0400 From: Pres Waterman [EMAIL PROTECTED] Subject: Re: [LIB] Worm Klez.E immunity FONTKlez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.br Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.br We developed this free immunity tool to defeat the malicious virus.br You only need to run this tool once,and then Klez will never come into your PC.br NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.br If so,Ignore the warning,and select 'continue'.br If you have any question,please a href=mailto:[EMAIL PROTECTED]mail to me/a./FONT/BODY/HTML You know, this sounds JUST like Neil. Yup yup yup Thanks Pres Waterman W2PW c/o Patchogue 112 Ford//Kia 112 Long Island Ford and Kia and Used dealer GO BILLS! ** http://libretto.basiclink.com - Libretto mailing list http://www.silverace.com/libretto/ - Archives ---TO UNSUBSCRIBE--- Reply to any of the list messages. The reply mail should be addressed to: [EMAIL PROTECTED] - Then replace any text on the message's subject line: cmd:unsubscribe TO UNSUBSCRIBE DIGEST-- Do above but with this on subject line: cmd:unsubscribe digest **
[LIB] Worm Klez.E immunity
Date: Wed, 24 Jul 2002 19:28:16 + From: Matthew Hanson [EMAIL PROTECTED] Subject: Worm Klez.E immunity I just got the email below about a Worm Klez.E immunity program that says Pres sent it to me from his [EMAIL PROTECTED] address. But by looking at the header, I can see it originated from: [EMAIL PROTECTED] The attachment looks more like the Klez virus itself in a .scr file. I sent a message to [EMAIL PROTECTED], and received an automated reply saying that they would look into the problem. The note I sent Pres bounced back from his ISP saying that his mail quota there had been exceeded. Guess we know what that means. If someone knows another email address for him, maybe you could forward this to him, though my guess is he's already aware of the problem. Google reports the following for netvision.net.il is: Netvision This page uses frames, but your browser doesn't support them. Description: ??? ?? ??? ??? ??? ?? Category: World Hebrew ?? (Hebrew characters didn't paste in) I wonder if this is part of a coordinated effort to mess up the internet. Matt Source for the email I received: -- From [EMAIL PROTECTED] Wed, 24 Jul 2002 04:09:30 -0700 Received: from [194.90.9.24] by hotmail.com (3.2) with ESMTP id MHotMailBF07D56D00684004324FC25A0918CAA53; Wed, 24 Jul 2002 04:07:37 -0700 Received: from Arop ([62.0.150.217]) by mxout3.netvision.net.il (iPlanet Messaging Server 5.2 HotFix 0.8 (built Jul 12 2002)) with SMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Wed, 24 Jul 2002 13:44:42 +0300 (IDT) Date: Wed, 24 Jul 2002 13:44:09 +0300 (IDT) Date-warning: Date header was inserted by mxout3.netvision.net.il From: pres [EMAIL PROTECTED] Subject: Worm Klez.E immunity To: [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] MIME-version: 1.0 Content-type: multipart/alternative; boundary=Boundary_(ID_LMQ0shXRFgwKTmnrZ++MuQ) --Boundary_(ID_LMQ0shXRFgwKTmnrZ++MuQ) Content-type: text/html Content-transfer-encoding: 7BIT HTMLHEAD/HEADBODY FONTKlez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.br Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.br We developed this free immunity tool to defeat the malicious virus.br You only need to run this tool once,and then Klez will never come into your PC.br NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.br If so,Ignore the warning,and select 'continue'.br If you have any question,please a href=mailto:[EMAIL PROTECTED]mail to me/a./FONT/BODY/HTML --Boundary_(ID_LMQ0shXRFgwKTmnrZ++MuQ) Content-id: BxKH48MpT Content-type: application/octet-stream; name=Jfcaq.scr Content-transfer-encoding: base64 Content-disposition: attachment; filename=Jfcaq.scr TVqQAAME//8AALgAQAAA 2A4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g RE9TIG1vZGUuDQ0KJAAYmX3gXPgTs1z4E7Nc+BOzJ+Qfs1j4E7Pf5B2zT/gTs7Tn GbNm+BOzPucAs1X4E7Nc+BKzJfgTs7TnGLNO+BOz5P4Vs134E7NSaWNoXPgTswAA ...snip.. +7iGPsZ9eYseukPvWIbAOa92zFKfjcAswCRyXrlhQq3UcRbwBtCnHKZ+UmEcZhM3hgG4cnRO iOSMDzUz/AOT9hPYiE2gyQ5WGg7Bz43Mw0eLIxy8j1gQGRLixU7oHy6PaHmo5HLt3LHE6XFL BlIkxi2Erxj0FnoGEcM3TsF5iFWAQFfSJDaTjxDr89cJwkJtvwsl4LXrr+P2AnHWPaAFQPID yh0hZQMJgnZY8Ajvo6xi1v5YALXa77wIZMlRRK5OAP4gq2UzdH+5lIW3fPzAumO0LZVPUf8A Ykc57rcEL5hWDTGG3n9BBESx2RzJc0bT3xryqKLj68n+IrGdgiez96Ft+TLXWXrhIUdj3V3I Wg0iWj0cxanu6mI9OX9yrP8AIv2BBGwistenSZALc5v+ZeHHvZCnQHCkscs4MSxabpT4lWOy Fiitcrly3AahZPWE33x+vR5fabd93a47/ef/AP8A/wA/J7zb+s8lr3mqXyZy7OJv/wBfCdP7 zh3z4f8ADPlZ5Rdcdo+XU3/rNj+M/9=9 --Boundary_(ID_LMQ0shXRFgwKTmnrZ++MuQ)-- _ Chat with friends online, try MSN Messenger: http://messenger.msn.com ** http://libretto.basiclink.com - Libretto mailing list http://www.silverace.com/libretto/ - Archives ---TO UNSUBSCRIBE--- Reply to any of the list messages. The reply mail should be addressed to: [EMAIL PROTECTED] - Then replace any text on the message's subject line: cmd:unsubscribe TO UNSUBSCRIBE DIGEST-- Do above but with this on subject line: cmd:unsubscribe digest **
Re: [LIB] Worm Klez.E immunity
Date: Wed, 24 Jul 2002 18:25:08 -0400 From: Pres Waterman [EMAIL PROTECTED] Subject: Re: [LIB] Worm Klez.E immunity I just got the email below about a Worm Klez.E immunity program that says Pres sent it to me from his [EMAIL PROTECTED] address. But by looking at the header, I can see it originated from: [EMAIL PROTECTED] The attachment looks more like the Klez virus itself in a .scr file. I sent a message to [EMAIL PROTECTED], and received an automated reply saying that they would look into the problem. The note I sent Pres bounced back from his ISP saying that his mail quota there had been exceeded. Guess we know what that means. If someone knows another email address for him, maybe you could forward this to him, though my guess is he's already aware of the problem. [EMAIL PROTECTED] is an abandoned account. Furthermore, the way klez works is it takes someone's address book and spoofs addresses found withIN it as the from address. So it looks loke someone had my old address ( all it takes is the default put people I reply to in my address book setting to do that, and then they inadvertently passed on the klez. The mailbox full is indicative of the trash box I send every mail addressed to [EMAIL PROTECTED] to, is full itself. So, I think I ain't it Thanks Pres Waterman, W2PW c/o 112 Motors, LLC Long Island Ford, Kia and Used Dealer GO BILLS! ** http://libretto.basiclink.com - Libretto mailing list http://www.silverace.com/libretto/ - Archives ---TO UNSUBSCRIBE--- Reply to any of the list messages. The reply mail should be addressed to: [EMAIL PROTECTED] - Then replace any text on the message's subject line: cmd:unsubscribe TO UNSUBSCRIBE DIGEST-- Do above but with this on subject line: cmd:unsubscribe digest **
Re: [LIB] Worm Klez.E immunity
Date: Thu, 25 Jul 2002 01:14:54 + From: Matthew Hanson [EMAIL PROTECTED] Subject: Re: [LIB] Worm Klez.E immunity From: Pres Waterman [EMAIL PROTECTED] [EMAIL PROTECTED] is an abandoned account. The mailbox full is indicative of the trash box I send every mail addressed to [EMAIL PROTECTED] to, is full itself. Hmmm So the [EMAIL PROTECTED] account is still active, but you're not using it any more? Furthermore, the way klez works is it takes someone's address book and spoofs addresses found withIN it as the from address. So it looks loke someone had my old address ( all it takes is the default put people I reply to in my address book setting to do that, and then they inadvertently passed on the klez. I see where the .il domain is Isreal. Think someone there, maybe from the list, had your email address and got hit with Klez? It was just a bit 'funny' that that's quite a hotspot these days where something like this might be more than an inadvertent passing along of Klez. I've been having problems on my L70 that I'm not absolutely certain isn't a new trojan of some kind. Though I'm pretty sure it was the new RealAudio player I just upgraded to. With nothing running at boot, no screensaver or virus software running, scandisk run in Windows was going through failure loops complaining that some software was running that made it impossible to scan the system... and then prompting me to close all running apps. Just a couple of weeks back I had to clean Klez off a friend's system that had the exact same symptom (plus a few). But neither a McAfee scan, or an online scan at the www.antivirus.com site for Trend came up with any virus on my system. I guess what made me nervous was that I had just visited the 'Cult of the Dead Cow' website after Leo Laporte on TechTV had been talking about. Seems they are developing software to help prevent potential Interent problems. And though I trust the group and am pretty certain they wouldn't attack people visitiung their site, as it seems they've always been involved in warning the public about potential security problems, it was a bit creepy having system problems soon after browsing their website. But so I uninstalled the RealOne RealAudio software, and the scandisk problem disappeared, though I was still experiencing a number of odd system behaviours. I think maybe the old Real G2 player I installed after RealOne was having problems playing some .ra files. I uninstalled that, and installed a newer old version 7.0 of RealPlayer, and so far things seem to be working without problems. This has been the most problem I've had with Windows, ad windows software in quite a while, if in fact that was the problem. Maybe it's Karma from suggesting that I'd tamed the 'lion'. :-0 Matt _ Send and receive Hotmail on your mobile device: http://mobile.msn.com ** http://libretto.basiclink.com - Libretto mailing list http://www.silverace.com/libretto/ - Archives ---TO UNSUBSCRIBE--- Reply to any of the list messages. The reply mail should be addressed to: [EMAIL PROTECTED] - Then replace any text on the message's subject line: cmd:unsubscribe TO UNSUBSCRIBE DIGEST-- Do above but with this on subject line: cmd:unsubscribe digest **