  1. #1
    Join Date
    Apr 2001
    Location
    United Kingdom
    Posts
    1,651

    Virus from WebhostingTalk

    OK, there's an email going around. I got it from "moderators [moderators@webhostingtalk.com]" and it has a virus in it. I am sure it will not be from the WHT team, but some lamers who seem to think everyone is stupid enough to open them...

    Just a warning for you guys/gals... I am outta here, I'm sleepy, so I will check the headers in the morning.

    Have a nice evening.

    Shazad...


    EDIT :
    Email Subject : Cellpadding
    Virus Name : W32.Klez.H@mm
    Filename : Unknown04c0.data
    Characteristics : Memory Resident, Size Stealth, Full Stealth, Triggered Event, Encryption and Polymorphic
    Last edited by cabalstudios; 07-12-2002 at 10:48 PM.
    Coreix™ | your solution™ www.coreix.net - 08000226734 - ISO27001 Certified
    Dedicated Servers - Colocation - Secure Cages - Enterprise & Managed Solutions - Clustering - LoadBalancing - High Availability - Hosted Exchange 2007
    NEW Tier III London DC with power sourced from 100% renewable sources, N+N UPS, N+1 Chillers and CRAC units, Mist Fire Suppression, Biometric and Man Trap security to all data areas

  2. #2
    Join Date
    Jun 2000
    Location
    Southern California
    Posts
    12,136
    I've posted the characteristics of Klez a few times now (search), but to sum up: virus sends mail out from random address book entry. You can check the headers to see if it actually came from a WHT staff member which would be more useful...
    HostHideout.com - Where professionals discuss web hosting.

    • Chicken

  3. #3
    Join Date
    Apr 2001
    Location
    United Kingdom
    Posts
    1,651
    Chicken,

    I was not referring to the fact that it came from you, I was warning other users who may attempt to open it of such...

    I'll check headers later, I'm off to bed.
    G'Night and have a nice evening.

    Shazad...

  4. #4
    Join Date
    Mar 2001
    Location
    Downunder..
    Posts
    2,612
    hehe Chicken is angry

  5. #5
    Join Date
    May 2002
    Location
    Mars!
    Posts
    186
    hehe, Chicken, Now why would WHT Want to send a virus out to people?
    Quality Hosting Template For Sale! -

    http://www.webhostingtalk.com/showthread.php?s=&threadid=59932

  6. #6
    Join Date
    May 2002
    Location
    Michigan
    Posts
    1,799
    Oh for crying out loud!
    Whoever doesn't know by now that:
    1) some virri (klez) send themselves to addresses randomly found in the cache files (could be an address on a webpage the infected person visited), with random text as the subject, and a random address found in the cache files in the from field (this will not be the actual "received by"), and
    2) who hasn't updated their AVs regularly, and
    3) DLs files in emails,
    deserves to get this virrus!
    I mean really, this particular virri has been around since January! Heck, it started out as just Klez and last time I checked it was up to "KlezH". It might even have more versions out by now.

    So seeing as how WHT has many visitors, it stands to reason that some of these addys are cached, and some people will be getting infected emails, from infected users.

    One thing I started doing was encoding the email addys I use on webpages so that I get less of these random virri sent to me.
    I also do it for any website I create to help protect the people I make the website for.
    Last edited by ATST; 07-13-2002 at 04:59 PM.
    DANG DANG! DANG!!™
    I know ***** ripped off everybody else, but they wouldn't do it to me.
    "When you use bottom feed for bait, you are only going to catch bottom feeders."
    "You do what you are, and you are what you do."

  7. #7
    Join Date
    Dec 2001
    Location
    Ponchatoula, LA
    Posts
    497
    Just as an FYI, the plural of virus is viruses, not viri, virii, or virri.

    Just in case anyone really wants to know
    Enigma Hosting
    "I wasn't speeding, I was qualifying!"

  8. #8
    Join Date
    May 2002
    Location
    Michigan
    Posts
    1,799

    Maybe it's another case of regional spelling?

    Or maybe I just spell it randomly different every time.
    (the ATST virus)

  9. #9
    Join Date
    Jun 2000
    Location
    Southern California
    Posts
    12,136
    Originally posted by cabalstudios
    Chicken,

    I was not referring to the fact that it came from you, I was warning other users who may attempt to open it of such...
    No, no, no... I know it didn't come from me, that wasn't what I was saying. If you look at the headers you can see who it did come from and inform them that their machine is infected. I suppose that is easier when you can do an IP lookup on the forum, and this makes it easier to figure out the person whose machine is klezed.

    It could be from someone on staff, however the point isn't to be careful of mail addressed from modes@wht, the point is to check those attachments, as the 'from' field is just random. No one is actually putting the address there (no lamers), it is done by the annoying virus.

    I just wanted to clear up confusion, as the title of the thread is, "Virus from WebhostingTalk" which isn't accurate.

    • Chicken
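
The header check discussed in the posts above, as an added Python example that is not from any poster: it ignores the forgeable From field and reads the Received line written by the recipient's own mail server to find the host that actually handed the message over. The sample message, host names and documentation IP addresses are constructed, and `trace_origin`, `trusted_hosts` and `trusted_ips` are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: documentation IPs, example domains, invented host names.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.5])
\tby mailstore.example.net with ESMTP; Fri, 12 Jul 2002 22:31:07 +0100
Received: from Qxdrt (host23.dialup.example.org [198.51.100.23])
\tby mx.example.net with SMTP; Fri, 12 Jul 2002 22:31:05 +0100
Received: from mail.webhostingtalk.com ([203.0.113.9])
\tby relay.invalid; Fri, 12 Jul 2002 22:30:59 +0100
From: moderators <moderators@webhostingtalk.com>
To: user@example.net
Subject: Cellpadding

(body omitted)
"""

# "from HELO (rdns [ip]) ... by HOST": the parenthesised part is what the
# receiving server observed; the HELO name is only what the client claimed.
HOP = re.compile(
    r"from\s+(\S+)\s*\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\).*?\bby\s+(\S+)", re.S)

def trace_origin(raw, trusted_hosts, trusted_ips):
    """Return the first hop where mail entered servers we control."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    out = {"from": from_addr, "handoff_ip": None, "handoff_host": None, "helo": None}
    for value in msg.get_all("Received", []):      # newest hop first
        m = HOP.search(value)
        if not m:
            continue
        helo, rdns, ip, by = m.group(1), m.group(2), m.group(3), m.group(4).rstrip(";")
        if by.lower() not in trusted_hosts:
            break            # written by a server we do not run: could be forged
        if ip in trusted_ips:
            continue         # internal relay between our own servers
        out.update(handoff_ip=ip, handoff_host=rdns, helo=helo)
        break
    domain = from_addr.rpartition("@")[2].lower()
    host = (out["handoff_host"] or "").lower()
    out["from_matches_sender"] = bool(host) and (
        host == domain or host.endswith("." + domain))
    return out

if __name__ == "__main__":
    print(trace_origin(SAMPLE, {"mx.example.net", "mailstore.example.net"}, {"192.0.2.5"}))
```

A mismatch between the From domain and the handoff host does not by itself prove forgery, since people legitimately send through ISP relays; the handoff IP is the value that identifies the network of the infected machine.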

  10. #10
    Join Date
    Dec 2001
    Location
    Ponchatoula, LA
    Posts
    497
    Originally posted by ATST
    Maybe it's another case of regional spelling?

    Or maybe I just spell it randomly different every time.
    (the ATST virus)
    Ack! He's been infected by the be.SpellinZ virus!

  11. #11
    Join Date
    Apr 2001
    Location
    United Kingdom
    Posts
    1,651
    lol

  12. #12
    Something I have seen happen at one of my websites I am project engineer on, and have my email listed as contact, until a few days ago.

    My email address was getting a virus a day sent to it. First it would be the Klez, then it would be the Yaha. I have Zone Alarm Pro which effectively uses Mailsafe to change the extension as it comes in, then Norton grabs it and quarantines it for deletion. Upon close inspection of these emails, I notice that they did in fact NOT come from those email addys, because they did not exist when I emailed them back. So under closer inspection, I noticed when I clicked on options in Outlook, of the email, it said it really came from an AOL domain. All of them. So they were probably intentional emails, I suspect, since they were coming from spoofed addys.

    Suddenly, I got a message delivery error, that had a virus in the attachment. Someone had used my email addy, to email a virus to a fake email account, which caused it to bounce back to me. If I did not have the security in place, I may have opened the attachment to see what I might have sent someone that came back. So yes, there are a lot of people spoofing addys out there trying to infect people. My webhost said there was nothing that can be done, except for deleting the email addy. Great option, huh? They also had me change all my passwords just in case someone had hacked my account, which wasn't likely, because then, they could infect the file or screw up the webpages on my domains.

    So watch out if you see a message delivery error to an email you don't recognize. And make sure your AV is up to date.
    BTW, I just got spam porn sent to me today from another one of my addys on a whole different domain. Spoofed as well. Why would I spam myself porn, or why would they let me see that they spoofed my email to spam porn?

  13. #13
    Join Date
    Mar 2002
    Posts
    704
    I get that Cellpadding crap at least 5 times a day
