There's a Klez.E worm/virus going around, and it escalates rapidly when
it gains a foothold.  I got 83 such messages in five days at one
widely-publicized address, but it's been going on for three weeks.
Now I've seen it appear at two other addresses, and today it tried to
infect a mailing list.  Some of its Subject: lines are below.

!!! WINDOWS USERS, DO NOT RUN ANY OF THE BINARY ATTACHMENTS OR ALLOW YOUR
MAIL PROGRAM TO EXECUTE THEM!!!  If you've received any of the following
Subject:'s, see
http://www.europe.f-secure.com/v-descs/klez_e.shtml
for how the virus overwrites files with random data and disables
anti-virus programs.

One way to block 99% of it out is to limit message bodies to 30 KB.
I've done this for the seattle-python and nwpython lists and would
recommend it for the Webware and Cheetah lists too, in case it or a
similar worm finds the lists someday.  Normal large messages are < 3 KB.
Other than that, I haven't found a pattern, although if you have a mail
server that looks inside binary attachments, it may be able to detect a
signature.

The From: and envelope-from addresses are usually wildly different, and
sometimes the From: address has an invalid top-level domain like .o .
Of course, the relay site is usually totally different than the supposed
From site.

Here are some of the affected Subject: lines:

        Your password
        A special funny game
        A nice game , body: "This is a very  nice game<br>
                This game is my first work.<br>
                You're the first player.<br>
                I hope you would enjoy it."
        A powerful tool
        If you are not connected to the Internet
        W32.Klez.E removal tools
        Introduction on ADSL
        Language (filename WebSms[1].htm, type application/octet-stream,
           From: ttea-pp <ttea-pp at arc.o>, From winkelmann at allrounder.de
        A special good tool
        Impostati
        Eager to see you
        False) window.parent.GoNext()
        Tooltips.style.visibility
        Please try again
        New Date()
        A very  excite game
        So cool a flash,enjoy it  , name=Nt324-00.doc
        A very  new game
        How are you
        A  IE 6.0 patch , name=sidprod1[1].htm
        Password.  Make sure you remove the cookies by
        The command line , file=KEYBOARD.TXT

-- 
-Mike (Iron) Orr, [EMAIL PROTECTED]  (if mail problems: [EMAIL PROTECTED])
   http://iron.cx/     English * Esperanto * Russkiy * Deutsch * Espan~ol

----- End forwarded message -----

_______________________________________________
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss
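
The checks described in the message (a 30 KB body limit, a From: domain that differs from the envelope sender, and an invalid From: top-level domain) can be sketched as a list-side hold filter. This is an added example, not part of the original message or of any list software; the function names, the reason strings, the sample messages and the "alphabetic, two or more letters" TLD rule are assumptions made for illustration.

```python
import re
from email import message_from_bytes
from email.utils import parseaddr

MAX_BODY_BYTES = 30 * 1024  # the 30 KB body limit suggested in the message


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def plausible_tld(domain):
    """Assumed heuristic: a TLD is alphabetic and at least two letters long."""
    tld = domain.rpartition(".")[2]
    return "." in domain and len(tld) >= 2 and tld.isalpha()


def check_message(raw, envelope_from):
    """Return the reasons (possibly none) to hold a raw message for review."""
    reasons = []
    # Everything after the first blank line is the body, attachments included.
    parts = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)
    body = parts[1] if len(parts) == 2 else b""
    if len(body) > MAX_BODY_BYTES:
        reasons.append("body-over-30KB")
    msg = message_from_bytes(raw)
    from_domain = domain_of(parseaddr(str(msg.get("From", "")))[1])
    if not plausible_tld(from_domain):
        reasons.append("from-invalid-tld")
    # Weak signal on its own: forwarded and list mail can also mismatch.
    if from_domain != domain_of(envelope_from):
        reasons.append("from-envelope-mismatch")
    return reasons


# Constructed sample messages (not real traffic).
WORM_LIKE = (b"From: sender <sender@host.o>\r\n"
             b"Subject: A special funny game\r\n\r\n" + b"A" * (40 * 1024))
NORMAL = (b"From: Member <member@example.org>\r\n"
          b"Subject: question about servlets\r\n\r\nShort plain-text post.\r\n")

if __name__ == "__main__":
    print(check_message(WORM_LIKE, "someone@example.de"))
    print(check_message(NORMAL, "member@example.org"))
```

Only the size check corresponds to the limit the message recommends enforcing; the two header checks are returned as flags for a moderator, since the message describes them as usual traits rather than as a reliable pattern.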
