Re: W32.Klez.h@mm Trojan/Virus

Mon, 15 Jul 2002 14:16:43 -0700 

Glenn,

Yes, we've noticed this at our house.  It does cute things like
spoof the From: field, and will often masquerade as a "rejected"
message that you never sent.

For the curious, one of the "cute" ways that it auto-launches
its payload is to identify the inclusion/attachment as a file of
type "mid" or "wav" or some other extension that is *usually*
automatically "played" by the viewer.

I'm sure many readers have opened a message with tunes attached
and had to listen to the looping music as they read the (often
long) message.  By fooling the viewer into identifying the
attachment as "music" or some other auto-launch type, the worm
can be effective if you merely preview it.

Like you, I have disabled the preview panel.  If I have *any*
doubt, I use the "properties" dialog, choose "View Source", and
look at the contents that way.  About once a week I'll find a
message that has some value, but mostly what I find is chaff or
poison.

As soon as we have handled a couple of minor things with our
ISP, we'll be switching to Eudora (which we've now bought).

~~ Garry


Original Message:
-----------------
From: Glenn Gilbreath Jr. [EMAIL PROTECTED]
Date: Mon, 15 Jul 2002 15:38:15 CST
To: [EMAIL PROTECTED]
Subject: [SURVPC] W32.Klez.h@mm Trojan/Virus


Hi List!

Just wanted to pass along a warning about an increase in the
incidence of W32.Klez.h@mm "mass mailer" Outlook/Outlook Express
trojan/virus.  It usually arrives in your inbox as a message with
file attachment, generally around 120kb, many times as a MIDI and
a JPEG, though also as a WAV with image file.  Most of the antivirus
software companies have updated their signature/definition files
to detect it, so be sure and download these updates.  As a reminder,
if you or someone you know uses Win9X and Outlook/Outlook Express,
be sure and DO NOT enable "autopreview" in the options.  Even just
the preview of the attachment will trigger the payload.

C U L8R!
Wiz  <{;-)Wizard57M
Glenn Gilbreath Jr.
http:[EMAIL PROTECTED]/index.htm
-- DOS Internet, Close Windows and Keep the Internet Open! --

To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html


--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .

To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with 
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html

Reply via email to