
virus?(ot) - ACT BEFORE MAY 6TH IF YOU GOT IT



first, patch from MS to prevent oe from getting the virus:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

kevin,
actually it's very harmless, one dangerous variant of it does this:

Payload: Disables common antivirus products
Large scale e-mailing: Mails email addresses found in local files, and Outlook and ICQ address books
***Modifies files: Overwrites files with zeros on the 6th of every odd numbered month (January, March, May, July, September, November)

*****by the way, may 6th is in 3 days*****

another variant does this:

Payload Trigger: On the 13th of every un-even month or based on a random value
Payload:
Large scale e-mailing: Email all addresses in the Windows Address Book (WAB)
***Modifies files: Zero out the content of all files on all drives between C: and Z:

how it gets your info/sends itself:
This worm searches the Windows address book, the ICQ database, and local files for email addresses.
The worm sends an email message to these addresses with itself as an attachment. The worm contains
its own SMTP engine and attempts to guess at available SMTP servers. For example, if the worm
encounters the address user@abc123.com it will attempt to send email via the server smtp.abc123.com.

pretty nasty sucker, depending on the variant that you have
Al

Allyn Malventano, ETC(SS), USN
87 Rieger GTO Scirocco 16v (daily driver, 170k, rocco #6)
86 Kamei Twin 16V Turbo Scirocco GTX ('it has begun', rocco #7)
87 Jetta 8v Wolfsburg 2dr (daily driver, 260k, 0 rattles, original clutch, driveshafts, wheels :)


----- Original Message -----
From: "Kevin Collins" <kcollins1@socal.rr.com>
To: "the hitman" <vwscir88@hotmail.com>
Cc: <scirocco-l@scirocco.org>
Sent: Friday, May 03, 2002 11:32 PM
Subject: Re: virus?(ot)


> the hitman wrote:
>
> > i've been getting a ton of these emails that have topics like "hi honey" ..
>
> That's the Klez worm.  It's spreading rampantly right now.  Ignore whatever
> shows as "from" - it can spoof origin email addresses out of other victims'
> address books.  It's fairly harmless - you DO have some kind of antivirus
> protection in place, I presume??
>
> --
> Kevin Collins
> Huntington Beach, CA
> '86.5 16V 2.0
> '00 Passat GLS 1.8T
>
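
Added example, not part of either message above: a defender-side check for the SMTP-server guessing described in the reply, where a workstation looks up `smtp.<domain>` for many unrelated domains instead of using its configured relay. The DNS log format, host names, relay allow-list and threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed DNS query log (not real data): timestamp, client, query type, name.
SAMPLE_DNS_LOG = """\
2002-05-03T23:01:10 ws-14 A smtp.abc123.com
2002-05-03T23:01:11 ws-14 A smtp.example.net
2002-05-03T23:01:11 ws-14 A smtp.example.org
2002-05-03T23:01:13 ws-14 A smtp.abc123.com
2002-05-03T23:01:14 ws-14 A smtp.mail-test.example
2002-05-03T23:02:00 ws-22 A smtp.isp.example
2002-05-03T23:02:05 ws-22 A www.example.com
2002-05-03T23:03:00 mailgw MX example.net
2002-05-03T23:03:01 mailgw A smtp.example.net
2002-05-03T23:03:02 mailgw A smtp.example.org
2002-05-03T23:03:03 mailgw A smtp.abc123.com
malformed line
"""

ALLOWED_RELAYS = {"mailgw"}  # assumed: hosts sanctioned to send mail outbound
THRESHOLD = 3                # assumed: distinct smtp.<domain> lookups before alerting


def guessed_domain(qname):
    """Return <domain> if qname has the form smtp.<domain>, else None."""
    name = qname.rstrip(".").lower()
    if name.startswith("smtp.") and "." in name[5:]:
        return name[5:]
    return None


def find_smtp_guessers(log_text, allowed=ALLOWED_RELAYS, threshold=THRESHOLD):
    """Map each non-relay client to the domains whose smtp.<domain> host it
    tried to resolve, keeping only clients at or above the threshold."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _ts, client, qtype, qname = parts
        domain = guessed_domain(qname)
        if qtype == "A" and domain and client not in allowed:
            seen[client].add(domain)
    return {c: sorted(d) for c, d in seen.items() if len(d) >= threshold}


if __name__ == "__main__":
    for client, domains in find_smtp_guessers(SAMPLE_DNS_LOG).items():
        print(f"{client}: smtp.<domain> lookups for {len(domains)} domains: {domains}")
```

A client that shows up here is worth isolating and scanning; blocking outbound port 25 from everything except the sanctioned relay stops this kind of self-mailing regardless of variant.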