Worm Klez.E immunity
Gerald Combs
gerald at ethereal.com
Fri Oct 11 21:26:03 CDT 2002
On Fri, 11 Oct 2002, Kurt Kessler wrote:
> Funny that someone from Microsoft would post to a
> Linux users group. That and you would expect someone
> working for Microsoft to have a background in the
> English language. Oh, and what does Klez have to do
> with Linux anyway? :p
The mail almost certainly did not come from someone at Microsoft. It
appears to be Klez.H; see
http://www.f-secure.com/v-descs/klez_h.shtml
and
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html
for more details. It sends itself to everyone in the address book
on an infected machine, faking the From: address. This particular
message apparently came from someone at synergy-networks.com who had
"mswsgulf at microsoft.com" in their address book:
[207.227.243.140]) by pow.zing.org (Postfix) with ESMTP id 71BAD54AD0 for
<gerald at zing.org>; Fri, 11 Oct 2002 19:58:41 -0500 (CDT)
marauder.illiana.net (8.12.6/8.12.6) with ESMTP id g9BJkXHn012173 for
<kclug-list at marauder.illiana.net>; Fri, 11 Oct 2002 14:46:33 -0500
(8.12.6/8.12.1/Submit) id g9BJkXgx012171 for kclug-list; Fri,
11 Oct 2002 14:46:33 -0500
X-Authentication-Warning: marauder.illiana.net: majordom set sender to
owner-kclug at marauder.illiana.net using -f
[63.75.167.9]) by marauder.illiana.net (8.12.6/8.12.6) with ESMTP id
g9BJkWHn012167 for <kclug at kclug.org>; Fri, 11 Oct 2002 14:46:33 -0500
Message-Id: <200210111946.g9BJkWHn012167 at marauder.illiana.net>
([63.75.167.9]) with SMTP (MDaemon.PRO.v6.0.7.R) for <kclug at kclug.org>;
Fri, 11 Oct 2002 20:50:44 -0400
> --- mswsgulf <mswsgulf at microsoft.com> wrote:
> >Klez.E is the most common world-wide spreading
> worm.It's very dangerous by corrupting your files.
> Because of its very smart stealth and anti-anti-virus
> technic,most common AV software can't detect or clean
> it.
> We developed this free immunity tool to defeat the
> malicious virus.
> You only need to run this tool once,and then Klez will
> never come into your PC.
> NOTE: Because this tool acts as a fake Klez to fool
> the real worm,some AV monitor maybe cry when you run
> it.
> If so,Ignore the warning,and select 'continue'.
> If you have any question,please mail to me.
>
>
> __________________________________________________
> Do you Yahoo!?
> Faith Hill - Exclusive Performances, Videos & More
> http://faith.yahoo.com
>
>
>
More information about the Kclug
mailing list