The Klez Virus: Don't Believe the 'From' Line

Marc

Hunkered Down for the Duration
Staff member
Admin
#1
See http://www.wired.com/news/technology/0,1282,52174,00.html

Folks - I have been getting hundreds of e-mails with viruses lately. Since I use a Mac and my server is FreeBSD I can not be infected. In addition, I run my mail through SpamCop.net which removes viruses so I don't end up downloading megabytes of e-mail files. My sweeper service sends me an e-mail saying something like this to confirm:

The SCG Viruswall has detected a virus (WORM_KLEZ.H) in email sent to you on 05/01/2002 04:36:58 with an action deleted. If the message contained anything other than the virus infection, it has been forwarded to you seperately. Please email [email protected] if you have any questions about this event.

To show you how weird this virus is, one e-mail contained the following:
CONVICT_AVITAR[1].gif

Nope - this is not a swipe at you, energy, but it freaked me out. Since my mail is swept and because I use a Mac I really have not been paying much attention. The e-mail sweeper sends me the e-mail (what's left after the virus is removed) if it contains anything.

Most have something. One had a jpg file and I took a look and - there to behold was energy (remember using this avatar?)! The weird thing about this virus is it does very, very strange things. Obviously, energy's computer is infected.

I am in part writing this as I have had several e-mails from folks telling me I sent them a virus. Please understand that neither my computer (a Mac) nor the Cove server (running FreeBSD) are affected by this virus. If you want to understand what it's doing, read the article in the above link.

You MAY have the virus and not know it! If you do and I am in your address book, your computer may be sending others in your address book e-mails with a virus and indicate the e-mail is from me (or from someone else in your address book).

More good MickeySoft software failure modes. Billions of dollars in business and personal losses in time fixing computers and money for virus software -- Brought to you Exclusively by Microsoft! "Microsoft is not responsible for.... anything, including cruddy software and losses incurred due to its use."
 

energy

#2
Hey Hey

Marc,

I haven't used that avatar in 3-4 months. I also have Norton Virus that is updated regularly (Live update). I did have a problem awhile back and occasionally a virus is detected and quarantined. It should not let anything out or in via e-mail. Maybe it's a piggyback worm. I will review my virus detection reports tonight to see if one of the viruses that was detected was named the same as your post.

Sorry:frust: :ko: :smokin:

Note: That avatar was sent from my personal PC at home because I can't send attachments from work because of the firewall thingy.
 

Al Dyer

#3
Marc,

To:
Subject: Norton AntiVirus detected and quarantined a virus in a message you sent.


Recipient of the infected attachment: Caluwe, Marc\Inbox
Subject of the message: Got an interview
One or more attachments were quarantined.
Attachment Rayrh.bat was Quarantined for the following reasons:
Virus [email protected] was found.
---------------------------------------------------------------------

Don't know what it means, only that it was quarantined by Norton.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#4
Re: Hey Hey

energy said:

Marc,

I haven't used that avatar in 3-4 months.

That is what freaked me out!

All I know is the sender wasn't you according to the header. But - since the header can't be relied upon, I don't really know where it came from. I must assume the virus hit your machine unless someone snatched a copy of that avatar some months back and it was on their machine. When you change avatars in the forums it deletes any custom avatar you had before so it's not stored on the server.

You don't have to say sorry because I know there's nothing you could do. Seeing your avatar just surprised me! The ol' convict himself!

Al - If you read the article I linked to it says the 'From' cannot be trusted.

I do like that avatar, tho, energy! You should make it your standard!

I'm just happy I'm a Mac person so I don't have to worry about viruses.
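
Added example, not part of the thread and not code from any poster: one way to see why the 'From' line proves nothing is to set it beside the connecting host that the recipient's own mail server recorded. The message, the host names, the addresses and the Received layout below are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread). example.* names and 192.0.2.x are
# reserved documentation values; "mx.recipient.example" stands for your own server.
SAMPLE = """\
Return-Path: <someone.else@isp.example>
Received: from pc-home (dialup-17.isp.example [192.0.2.17])
\tby mx.recipient.example with SMTP id abc123;
\tWed, 1 May 2002 04:36:58 -0400
From: "Marc" <marc@forum.example>
To: reader@recipient.example
Subject: Got an interview

(body)
"""

# "from <helo> (<reverse-dns> [<ip>]) by <server>": a common Received layout.
# Other mail servers format this line differently (assumption of this example).
RECEIVED = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def from_line_report(raw, my_server):
    """Compare the typed-in From with what the receiving server itself recorded."""
    msg = message_from_string(raw)
    header_from = parseaddr(msg.get("From", ""))[1]
    # Return-Path reflects the envelope sender, which the sending side also supplies.
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    host = ip = None
    # Only the Received line written by our own server is trustworthy; lines
    # below it came in with the message and can be invented too.
    for line in msg.get_all("Received", []):
        m = RECEIVED.search(line)
        if m and m.group(4).lower() == my_server:
            host, ip = m.group(2).lower(), m.group(3)
            break
    d = _domain(header_from)
    return {
        "header_from": header_from,
        "envelope_sender": envelope,
        "connecting_host": host,
        "connecting_ip": ip,
        "from_agrees_with_envelope": bool(d) and d == _domain(envelope),
        "from_agrees_with_host": bool(host) and (host == d or host.endswith("." + d)),
    }

if __name__ == "__main__":
    for key, value in from_line_report(SAMPLE, "mx.recipient.example").items():
        print(f"{key}: {value}")
```

A mismatch is a reason not to trust the 'From' line, not proof of who sent the message; mailing lists and forwarding produce mismatches as well.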
 

Al Dyer

#5
Marc,

Yes I did read it and the "from" was from me. Just trying to give you any extra info in case you were researching it further.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#6
No problem, Al. Nope - not trying to troubleshoot. Just trying to make sure everyone who reads the thread understands the weirdness of this virus. It appears the virus is subsiding a bit but it is expected to be around for a while.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#8
Almost all viruses go through MickeySoft programs like Outlook. But even other entry methods fail because - people are just not writing viruses which attack the Mac OS. I don't use Norton virus and never have. The only virus I ever got was in 1987. It was called the WDEF virus and it did no damage but did let you know it was there. All you had to do was rebuild the desktop and that was it. Viruses didn't propagate back then like they do now (among other things there wasn't an internet per se back then).

So - if I get an e-mail with a virus, even if I 'click' on the attachment to run it, being a Mac it doesn't do anything. :D And I'm a happy camper. I have a couple of peecees but never retrieve mail on them.
 

Laura M

#9
I started out a Mac-er - still have an old original in the basement.

Guess it's time to go back to where it started.

Outta curiosity - If I were to set up a home Mac based system, with the basic "office" features - of Word, Excel, and of course email, etc, what am I in for $ wise. All the ads are packaged with the MS stuff. I invested in a Dell laptop last year with all the latest MS stuff. All the schools use Mac however, and there have been a few HW problems with compatibility in addition to a few i-net problems with inappropriate access.

Shall I invest in a Mac? I can investigate myself I suppose, but I'm looking for the motivation.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#10
If you have clients whose programs you want to be able to 'for sure' share (i.e.: Visio) you would probably want a peecee, although the simulators for the Mac are very fast now (there are 2 major windoz emulators) I haven't used one in a couple of years (my Mac is a 6 year old, 400 mhz CPU {upgraded from the original 120 mhz CPU} slowpoke) so I can't say much else about the current state of the emulators and speed. SoftPC ran OK on this CPU but since I bought a cheap peecee several years back I don't need an emulator.

Personally I just bought a used peecee which I'm going to use for mixing music, burning CDs and windoz programs. I'm going to use my old peecee strictly as a server - the 'Premium' and 'Members' directories are going to be moved there in the next couple of weeks. I'm getting a KV switch to control both peecees from one console.

But I will do most of my stuff, as always, on my Mac. Check the web, but as I remember Office Mac was about the same cost as the Windows version. Drawback: There is no Mac version of Visio or Access (you'd need to run the windoz version on an emulator such as SoftPC).

If I was starting from word one, I'd get one of the new powerbooks (the one with the 15" screen and fast hard drive) and put an emulator on it for general and business use - but you're talking $3500 now. Then I'd get the professional windoz office package (2000, NOT XP), install it and run it from the emulator. However, most people are so invested in the windoz platform that it's really not feasible to switch.

The bottom line to me is every time I use my peecee (rarely do I really need to - mostly for maybe 3 or 4 windoz programs like SmartDraw) I'm happy to get back to my Mac. Quite simply, it's the easiest to use and fastest over all. In 1986 I made a platform decision that I've been happy with ever since. I will say, had the Amiga 'taked off' I probably would have stayed with that OS. I'm just a simple minded Mac lover at heart, so this response is quite biased... :thedeal:
 