
Please be careful - virus alert
Chicken 05-02-2002, 09:02 PM This may have been posted already... chances are it has (and my apologies in advance...)
This is about the Klez worms that have been going around. Normally, we all know that viruses suck, they screw up things, fill files with zeros, etc., and the worm ones mail themselves off to everyone in your addy book.
This one takes random email addresses and puts them in the 'from field', making it look like someone else sent it. I contacted Charles about this (before I realized that this is what it did).
Now, while that is annoying, the reason I'm writing this is because of the info I read here:
http://www.f-secure.com/v-descs/klez_h.shtml
Specifically:
7. It was also noticed that latest Klez variants including Klez.H can send out user's files with its message. The worm can randomly pick up a file with one of the following extensions and attach it to its infected message:
.txt
.htm
.html
.wab
.asp
.doc
.rtf
.xls
.jpg
.cpp
.c
.pas
.mpg
.mpeg
.bak
.mp3
.pdf
So in some cases user's confidential data can be sent out from an infected system.
I have personally gotten customer information (a 2checkout order complete with customer name, address, etc.) as well as files from people's computers and you need to know that this risk exists and that this virus will snag random files off your HD and mail them off to countless new potential victims, along with the virus itself.
This is not good...
This is another file I got (see attachment)... I'm guessing that most of you do not have this file saved on your HD, and if you do, maybe you can recognize it and will learn that your machine has been infected.
ehosttech 05-02-2002, 09:07 PM Eww sounds worse than anthrax :( in virtual reality. I hope the 2checkout email wasn't from me as well because I have this virus. Looks like I'm going to be doing some formatting tonight ... :rolleyes: :mad: :mad:
lovelie 05-02-2002, 09:17 PM Please tell me it's not true!
Guess my evening's going to be spent backing up and deleting a lot of files from this HD. :bawling:
Chicken 05-02-2002, 09:27 PM I just figure that if you placed the following order from:
statesidedvduk.com
Qty: 1 Product Id: DVD - Desert Camp Sex Exchange ($33.00)
Qty: 1 Product Id: DVD - Italian Flair ($33.00)
Total: $66.00
You probably wouldn't want your name and address floating around the net (this was from the 2checkout order page - a confirmation email that stateside must have saved on their machine).
Alan - Vox 05-02-2002, 09:30 PM http://www.symantec.com there's a cleaner on there.
appletreats 05-02-2002, 09:32 PM These things are entertaining, at least for me. It's fun to open up the various documents included with the email and see what special thing I got (with a program that won't allow them to infect, of course). With SirCam (or whatever) a while back, I got, among other things, a wedding plan, a Top 10 list of Texan jokes (which actually contained 45 jokes), and a junior soccer team field guide.
microsol 05-02-2002, 09:41 PM It pays to take the bite and buy some Antivirus Software. I got the first versions a week ago (I think it was Friday or Saturday last week) and my lovely NORTON AV saved my life. :cool:
Chicken 05-02-2002, 09:41 PM Yes it is quite interesting... a small picture of some girl (quite a looker too), some odd HTML pages, a serial number for a program (version 6.2 but it doesn't say what program :().
Bogdan 05-02-2002, 09:56 PM My house PC got infected with this worm/virus. It started sending copies to everyone, and I found out that I have this virus when an e-mail bounced from whtads@webhostingtalk.com saying that I got a virus - I never even contacted this e-mail. I went to download Norton, but the virus wouldn't let me install it - heh.
The bad thing is that I formatted my HD a day before I got the virus. :(
haven't seen any mention of this particular e-mail/subject in the advisories (attached).
fortunately, my trusty McAfee Active Shield saved the day!
k:D
Phrozen 05-02-2002, 11:01 PM I've been receiving too many of these each day for the past week.
I don't have any anti-virus software, but thankfully, I make it a habit not to download any attachments.
jamenjaw 05-02-2002, 11:09 PM hey guys i just got hit with it too but norton picked it up right away and locked it away. it seems they're ahead of the game this time or i just got really lucky.
yea i know what it can do and other mean stuff as well that is rumored it can do.
just keep your virus defs up to date and you should be fine.
for sensitive data i suggest having a second computer that is NOT connected to the internet and just use floppies to transfer the info over and delete it from the one that is on.
a bit of a pain but could prevent a lawsuit
james
Shawn (GEcom) 05-02-2002, 11:55 PM I just finished cleaning up a computer with that virus for a friend, what a mess it was. It had somehow infected a bunch of her Windows files, basically prevented Norton from working, and several other things. What a pain to clean it up.
-Shawn
iamdave 05-03-2002, 12:02 AM Thanks for informing us Chicken. It's definitely something to look out for and stay clear of.
Sesran 05-03-2002, 01:50 AM With all the customers that contact me a day, I get 20 or more infected mail a day. Back on April 18th when it first started, I was getting close to 100 - 150 a day. Then someone sent me an e-mail saying I had sent them the virus. I was pissed, I tried sooo hard to avoid getting it. Spent all day cleaning to find out I never even had it, someone else who had me in their address book had it and sent it out like it came from me. You can look in the properties of the e-mail to see who it really came from.
I never open attachments unless I was expecting it, what worries me is the ones you get without even opening the mail.
akashik 05-03-2002, 03:42 AM yep exactly, just avoiding opening attachments isn't the way to stop viruses. There's plenty you can just right off webpages now due to javascript exploits and what not. I remember my fiancee showing me her father's bank's website after it got hacked. I took a look at the front page and Norton threw me into DOS like a slap on the head until it cornered the virus I'd just gotten in my windows/temp/ directory. (win 98)
I've covered three OSes (Win 98, Win ME, and now Win XP) with Norton. It's cost me a new version every time I upgrade as none ever work with a new version of Windows, but I think of it as a required expense. I didn't even update XP till I had Norton Systemworks 2002 installed and updated.
That and Zonealarm running 24/7 - both set to auto-update as each program feels is required.
I'm one of those people that feels you cannot be too paranoid about security. (Just reading my server logs each night is enough to reinforce that).
To date, two viruses in seven years online - both when I wasn't running protection, and both years ago. Without protection I'd have been infected dozens (if not more than 100) times.
I have a design client who's constantly infecting their office with viruses. They're about 20 minutes walk from where I live, and send me files all the time *shudder* In fact, last time I went to collect material from them one guy was under a desk hooking the main computer back up after collecting yet another virus. They spent two days running their business' e-mail off a boat anchor they pulled from a cupboard :)
Greg Moore
ehosttech 05-03-2002, 05:03 PM Man err I got the virus I'm about to start formatting in a few min, like I say a virus is like sex, you want to wear protection.
ToastyX 05-03-2002, 08:49 PM Virus? What's that? Is that like rebooting? I keep seeing Windows users talk about viruses and rebooting all the time. Are they some kind of Windows features? :confused:
Just kidding. :)
I don't use Windows, so I don't have to worry about stupid stuff like that. A couple of years ago when I did use Windows, Windows got infected by the KAK worm. The KAK worm exploited an ActiveX bug in Outlook Express which made it execute just by previewing the e-mail! I was so mad that Microsoft made something like that possible. Luckily, none of the worms that exploited that bug were very serious, or there could have been some serious havoc.
Chicken 05-03-2002, 09:28 PM Originally posted by ToastyX
I don't use Windows, so I don't have to worry about stupid stuff like that.
You email your customer their account info, logins and passwords. They save it as a text file. Their machine gets infected and the virus snaps up that text file and emails it to countless others. But you're right, you don't have to worry about that... :eek2: :uhh:
tensixteen64 05-03-2002, 09:45 PM Norton caught that worm for me this morning. Only worms I can use are for fishing and in those Tequila bottles. Norton is great, wonderful, cool beyond words.
I'm passing this on from a friend of mine, makes sense to me...I have always heard that if you don't have the preview pane on, you will be safer from viruses.
Someone just told me to do this: Make a new contact with this as the name *virus-trap that way it will be the first in your addy book. It won't protect you from getting a virus but the address that it carries will let people know that you have been struck with one. Email addy: illegal-DoNotOpen-virus
I went and made this in my Outlook addy book. It took the email addy after giving me a warning it really wasn't an actual address.
So y'all do this too, then if you do get a virus, which I hope you don't, at least people who are in your addy book will be warned.
:) Sara
allera 05-03-2002, 09:52 PM I got it on my personal laptop (with an updated McAfee running too...). It shut down my McAfee for me (how thoughtful) and prevented McAfee from running for more than 30 seconds (it also thoughtfully deleted my McAfee executables).
Thus, I couldn't use Windows McAfee. I tried an emergency disk, didn't find anything. Tried McAfee by command line, nothing. Then I downloaded the file attached and ran it. It found all my Klez.h infections and cleaned everything up for me. I was then able to run McAfee again and it cleaned up some other virus some of my files had also (some kind of variant of Klez).
This download saved me a lot of formatting/reinstalling time. :)
ToastyX 05-03-2002, 10:38 PM Originally posted by Chicken
You email your customer their account info, logins and passwords. They save it as a text file. Their machine gets infected and the virus snaps up that text file and emails it to countless others. But you're right, you don't have to worry about that... :eek2: :uhh:
Yep, I don't have to worry about that since I don't have any customers. ;) ...but you're right, that wouldn't be a good thing. :(
I feel so special... only a select few have my personal address in their addressbooks, and they know how angry I'll be.
okihost 05-04-2002, 11:17 AM I have been getting a couple of the same ones for about 2 weeks now. The subject is always "FW: Melt your sweeahearts heart with this valentine screensaver" and there is a .SCR file attached to it. The weirdest part of it is it comes with a date of May 31, 1963? I have been getting this to all the email addresses on my site and even the non-public ones.. Anyone seen this one yet?
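
An added example, not part of any post in this thread: a Python mail-triage sketch that flags the traits mentioned above (a runnable attachment such as a .SCR file, a user document with one of the quoted extensions travelling alongside it, and a Date header far from the present). The names `triage` and `build_sample`, the `EXEC_EXTS` set and the date thresholds are assumptions made for illustration, the sample messages are constructed, and these are general heuristics rather than a Klez signature.

```python
import os
from datetime import datetime, timedelta, timezone
from email import message_from_bytes, policy
from email.message import EmailMessage

# User-file extensions quoted in the thread from the F-Secure Klez.H write-up.
USER_FILE_EXTS = {".txt", ".htm", ".html", ".wab", ".asp", ".doc", ".rtf", ".xls", ".jpg",
                  ".cpp", ".c", ".pas", ".mpg", ".mpeg", ".bak", ".mp3", ".pdf"}
# Assumption: attachment types this filter treats as directly runnable on Windows.
EXEC_EXTS = {".scr", ".exe", ".pif", ".bat", ".com"}
# Assumption: tolerated clock skew and delivery delay for the Date header.
MAX_AGE, MAX_FUTURE = timedelta(days=365), timedelta(days=2)

def triage(raw: bytes, now: datetime) -> list:
    """Return a list of finding labels for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    exts = [os.path.splitext((part.get_filename() or "").lower())[1]
            for part in msg.iter_attachments()]
    findings = []
    if any(e in EXEC_EXTS for e in exts):
        findings.append("executable-attachment")
        # A runnable file travelling with a document is the pairing from the thread.
        if any(e in USER_FILE_EXTS for e in exts):
            findings.append("executable-plus-user-file")
    sent = getattr(msg["Date"], "datetime", None)
    if sent is None:
        findings.append("missing-date")
    else:
        if sent.tzinfo is None:  # "-0000" parses as naive; treat it as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        if now - sent > MAX_AGE or sent - now > MAX_FUTURE:
            findings.append("implausible-date")
    return findings

def build_sample(date: str, filenames: list) -> bytes:
    """Build a constructed test message; contents are placeholders, not malware."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "recipient@example.org"
    m["Subject"], m["Date"] = "constructed sample", date
    m.set_content("constructed body")
    for name in filenames:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    now = datetime(2002, 5, 4, tzinfo=timezone.utc)
    print(triage(build_sample("Fri, 31 May 1963 12:00:00 +0000", ["card.scr", "notes.txt"]), now))
    print(triage(build_sample("Sat, 04 May 2002 09:00:00 +0000", ["invoice.pdf"]), now))
```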