The Klez Virus: Don't Believe the 'From' Line

Marc

Fully vaccinated are you?
Leader
See http://www.wired.com/news/technology/0,1282,52174,00.html

Folks - I have been getting hundreds of e-mails with viruses lately. Since I use a Mac and my server is FreeBSD I can not be infected. In addition, I run my mail through SpamCop.net which removes viruses so I don't end up downloading megabytes of e-mail files. My sweeper service sends me an e-mail saying something like this to confirm:

The SCG Viruswall has detected a virus (WORM_KLEZ.H) in email sent to you on 05/01/2002 04:36:58 with an action deleted. If the message contained anything other than the virus infection, it has been forwarded to you seperately. Please email [email protected] if you have any questions about this event.

To show you how weird this virus is, one e-mail contained the following: CONVICT_AVITAR[1].gif
Nope - this is not a swipe at you, energy, but it freaked me out. Since my mail is swept and because I use a Mac I really have not been paying much attention. The e-mail sweeper sends me the e-mail (what's left after the virus is removed) if it contains anything.

Most have something. One had a jpg file and I took a look and - there to behold was energy (remember using this avatar?)! The weird thing about this virus is it does very, very strange things. Obviously, energy's computer is infected.

I am in part writing this as I have had several e-mails from folks telling me I sent them a virus. Please understand that neither my computer (a Mac) nor the Cove server (running FreeBSD) are affected by this virus. If you want to understand what it's doing, read the article in the above link.

You MAY have the virus and not know it! If you do and I am in your address book, your computer may be sending others in your address book e-mails with a virus and indicate the e-mail is from me (or from someone else in your address book).

More good MickeySoft software failure modes. Billions of dollars in business and personal losses in time fixing computers and money for virus software -- Brought to you Exclusively by Microsoft! "Microsoft is not responsible for.... anything, including cruddy software and losses incurred due to its use."
 

energy

Hey Hey

Marc,

I haven't used that avatar in 3-4 months. I also have Norton Virus that is updated regularly (Live update). I did have a problem a while back and occasionally a virus is detected and quarantined. It should not let anything out or in via e-mail. Maybe it's a piggyback worm. I will review my virus detection reports tonight to see if one of the viruses that was detected was named the same as your post.

Sorry :frust: :ko: :smokin:

Note: That avatar was sent from my personal PC at home because I can't send attachments from work because of the firewall thingy.
 

Al Dyer

Marc,

To:
Subject: Norton AntiVirus detected and quarantined a virus in a message yo u sent.


Recipient of the infected attachment: Caluwe, Marc\Inbox
Subject of the message: Got an interview
One or more attachments were quarantined.
Attachment Rayrh.bat was Quarantined for the following reasons:
Virus W32.Klez.gen@mm was found.
---------------------------------------------------------------------

Don't know what it means, only that it was quarantined by Norton.
 

Marc

Fully vaccinated are you?
Leader
Re: Hey Hey

energy said:

Marc,

I haven't used that avatar in 3-4 months.
That is what freaked me out!

All I know is the sender wasn't you according to the header. But - since the header can't be relied upon, I don't really know where it came from. I must assume the virus hit your machine unless someone snatched a copy of that avatar some months back and it was on their machine. When you change avatars in the forums it deletes any custom avatar you had before so it's not stored on the server.

You don't have to say sorry because I know there's nothing you could do. Seeing your avatar just surprised me! The ol' convict himself!

Al - If you read the article I linked to it says the 'From' cannot be trusted.

I do like that avatar, tho, energy! You should make it your standard!

I'm just happy I'm a Mac person so I don't have to worry about viruses.
 

Al Dyer

Marc,

Yes I did read it and the "from" was from me. Just trying to give you any extra info in case you were researching it further.
 

Marc

Fully vaccinated are you?
Leader
No problem, Al. Nope - not trying to troubleshoot. Just trying to make sure everyone who reads the thread understands the weirdness of this virus. It appears the virus is subsiding a bit but it is expected to be around for a while.
 

M Greenaway

How come Macs are immune to viruses?

Or is it a long story?
 

Marc

Fully vaccinated are you?
Leader
Almost all viruses go through MickeySoft programs like Outlook. But even other entry methods fail because - people are just not writing viruses which attack the Mac OS. I don't use Norton virus and never have. The only virus I ever got was in 1987. It was called the WDEF virus and it did no damage but did let you know it was there. All you had to do was rebuild the desktop and that was it. Viruses didn't propagate back then like they do now (among other things there wasn't an internet per se back then).

So - if I get an e-mail with a virus, even if I 'click' on the attachment to run it, being a Mac it doesn't do anything. :D And I'm a happy camper. I have a couple of peecees but never retrieve mail on them.
 

Laura M

I started out a Mac-er - still have an old original in the basement.

Guess it's time to go back to where it started.

Outta curiosity - If I were to set up a home Mac based system, with the basic "office" features - of Word, Excel, and of course email, etc, what am I in for $ wise. All the ads are packaged with the MS stuff. I invested in a Dell laptop last year with all the latest MS stuff. All the schools use Mac however, and there have been a few HW problems with compatibility in addition to a few i-net problems with inappropriate access.

Shall I invest in a Mac? I can investigate myself I suppose, but I'm looking for the motivation.
 

Marc

Fully vaccinated are you?
Leader
If you have clients whose programs you want to be able to 'for sure' share (i.e.: Visio) you would probably want a peecee, although the simulators for the Mac are very fast now (there are 2 major windoz emulators) I haven't used one in a couple of years (my Mac is a 6 year old, 400 mhz CPU {upgraded from the original 120 mhz CPU} slowpoke) so I can't say much else about the current state of the emulators and speed. SoftPC ran OK on this CPU but since I bought a cheap peecee several years back I don't need an emulator.

Personally I just bought a used peecee which I'm going to use for mixing music, burning CDs and windoz programs. I'm going to use my old peecee strictly as a server - the 'Premium' and 'Members' directories are going to be moved there in the next couple of weeks. I'm getting a KV switch to control both peecees from one console.

But I will do most of my stuff, as always, on my Mac. Check the web, but as I remember Office Mac was about the same cost as the Windows version. Drawback: There is no Mac version of Visio or Access (you'd need to run the windoz version on an emulator such as SoftPC).

If I was starting from word one, I'd get one of the new powerbooks (the one with the 15" screen and fast hard drive) and put an emulator on it for general and business use - but you're talking $3500 now. Then I'd get the professional windoz office package (2000, NOT XP), install it and run it from the emulator. However, most people are so invested in the windoz platform that it's really not feasible to switch.

The bottom line to me is every time I use my peecee (rarely do I really need to - mostly for maybe 3 or 4 windoz programs like SmartDraw) I'm happy to get back to my Mac. Quite simply, it's the easiest to use and fastest over all. In 1986 I made a platform decision that I've been happy with ever since. I will say, had the Amiga 'taked off' I probably would have stayed with that OS. I'm just a simple minded Mac lover at heart, so this response is quite biased... :thedeal:
 