
[TenTec] weird postings virus?

To: <tentec@contesting.com>
Subject: [TenTec] weird postings virus?
From: kw0d@netexpress.net (Dave Kamp, KW0D)
Date: Sun, 12 May 2002 11:52:59 -0500
Hi Duane, et al.-

Don't stomp Mike over the postings- he's not hosting it.  The virus doing
the postings is well documented in 

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

It (and its variants) are very clever.  The way it does its spoofing,
it's actually highly unlikely that the person indicated as the sender has
anything to do with it.  This virus actually 'shuts off' other viruses and
worms for stealth, and it uses email addresses pulled from OTHER emails
(not just your address list!).  It then encloses its payload in with an
'inert' looking RANDOM file from the host machine, and uses a series of
different subject headers.  It is for this reason that the virus
propagates well-  it can strip names from reflectors, or emailed joke
lists... and spam.

The easy way to avoid propagating the virus is to have such an obsolete
system that it doesn't work.  So far, I've been unsuccessfully attacked
about 40 times, and since this machine supports essentially nothing
(including decoding attachments) it just doesn't get here.  (I use the
other machines for the 'real' stuff).

Take a look at the description, and the covariants.  There's also a free
elimination program if you've got the bug.

DK  :-)

At 12:15 PM 05/12/2002 -0400, you wrote:
>Have you had your OUTGOING email scanned by Norton? While
>Norton has been catching any k l e z junk here (as far as I
>know) hopefully the outgoing screen will kill anything that
>is missed???
>
>Duane Budd
>w5ben@arrl.net
>Johnson City, TN


73's from KW0D Dave in LeClaire, Iowa
