viruses

[Ed]

hi,
there seems to be a glut of PC viruses out there at the moment.
Being on a Mac my latest definitions (2.5.02) dont pick up PC viruses.
Ive had viruses from people using club members addresses etc. and mine has also been used (apologies)  :-/
some of these have been titled "re: some questions"
Ive been not opening and deleting all suspect emails and attachments. My software scans all attachments prior to receipt also.  Is there any other way I can help stop PC viruses, so they dont propogate using my email address??
thanks

Ed

[craiga]

I have had the same issue with unsolicited email arriving using the fefcholden.org.au email address.

Ed is handling it the best way - if you don't know the sender, don't open it but rather delete it immediately.

RET are you able to have a look a this? Someone is obviously accessing at least two of the addresses - is anyone else having problems?

[4hammers]

Hi, no it isn't te fault of anyone listed as the sender. I have been getting this virus from many different sources, but up until this stage, my Anti-Virus system has been coping. The following is a quote from a virus alert newsletter I recieve:

WORM_KLEZ.H continues to hold steady in the #1 position in Trend Micro's World Virus Tracking Center http://wtc.trendmicro.com/wtc/. At the time of this writing, more than 134,000 computers worldwide have been infected with WORM_KLEZ.H. Europe, Asia, and North America have been hardest hit.

WORM_KLEZ.H (Dropper)
This destructive, memory-resident variant of the WORM_KLEZ.A mass-mailing worm uses SMTP to propagate via email. The subject line of the email it arrives with is randomly selected from a long list of possible choices. This worm can change or spoof the original email address in the FROM: field. It obtains email addresses (that it places in the FROM: field) from the infected user's address book. This causes a non-infected user to appear as the person who has sent this worm's malicious email, and hides the real address of the sender of the infected email.

Upon execution, this worm decodes its data in memory. It then copies itself to a WINK*.EXE file in the Windows System directory. The copy has a hidden attribute and the * is a random number of random characters. It also infects .EXE files.

What it is saying is this, the virus gets the senders address from YOUR email address book!!
Also, if you don't get it fast, it is a nasty one.

So as I said Ed, no worries, it wasn't you.

Hope this helps,
4ammers

[sgo]

I did get a suspect e-mail the other day that looked related to FC's but deleted it.
One question I'd like answered though is if viruses are only in the attatchements, or can they be in the text part of an e-mail?

[spider]

HEY SGO
The Virus can come as a attatchment or not. I had one that said: feholden: subject:engine specifications, and that was a virus with no attatchment. The best way to check your e-mail at the moment if you dont have the latest ANTI-VIRUS software, is to check your mail off the main server,instead of going into, " outlook express" or what ever you have to look at your e-mail. You will see there especially if the virus is in a attatchment all the jargon. Then you can delete it straight off the server, without it going in to your system. I have been lucky that my norton antivirus has caught all the viruses and quarantened them. But even now im going to the main server to check my mail just in case. I am getting approximately 1 to 4 a day although it has slowed down now for the last couple of day's. It has gone to all of my 3 e-mail addresses, And i have i mate in america that is tracking this certain one at the moment. He's a computer wiz and if he cant track it no one can, he works for a major computer site in america.

Regards spider

[RET]

Like Ed, as a mac user I'm impervious to the virus, but I'm still getting several copies a day - I've received upwards of 60 copies in the last two weeks.

Anyway, here's are a couple of tips (if you must use Outlook):
1.  Make sure the 'Preview Pane' is turned off.  (Choose View/Layout and uncheck the 'Show Preview Pane' option.  Click OK.)
2.  Turn on the 'size' column in your inbox.  (Right-click on any of the column headings - eg the word 'Subject'.  Choose 'Columns' from the menu that appears.  Check the box labelled 'Size' and click OK.)  Another column will appear that shows the size (in Kb) of each email.

The reason for the 2nd suggestion is this.  Something that I have noticed about emails infected with this latest virus is that they are consistently around 120 - 130KB in size.  So being able to see the size will help you to know if a mail you are suspicious of has this signature.

A couple of even better suggestions:
1.  Get a Macintosh    Apple's MacOS and MacOSX operating systems are impervious to these PC virii.
2.  If that's not feasible, download Eudora and use it instead of Outlook.  It has much more robust security.  I have heard Outlook described as having security holes "like a colander made of Swiss cheese".
3.  Make sure you have up-to-date virus software that you use regularly!

Hope this helps.
RET

[RET]

Oh, and another thing.  One copy of the virus I received this week had an image attachment of a boxed Nasco "Auto-Home" electric razor accessory attached.  If you have a copy of such a picture on your hard drive, you're probably (one of the people) infected.

cheers
RET

[RET]

You can find out all about the KLEZ virus here: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html, and download a patch to clean it here: http://www.sarc.com/avcenter/venc/data/w32.klez.removal.tool.html.

A free virus scanning tool that has had good press can be found here: http://www.grisoft.com/html/us_index.htm

Hope this helps.

[weedy-burton]

Hey guys

I received an email yesterday addressed from a user of this forum  that had an attachment titled "check out my hot girlfriend".From what I have just read I am assuming this was a virus.I deleted it without opening anyway but just thought Id tell you all so you can keep an eye out for the attachment.

[air-chief]

Hi there weedy-burton

I just received the same e-mail about five minutes ago from someone who uses this site. My anti-virus picked it up and quarantined it. The virus was "W32.Klez.H@mm".

I would say that people don't even know that they are sending these e-mails, I myself have been through it. But now I'm protecting myself.

air-chief

[air-chief]

One other thing, I don't really think you should drop names of people who have sent e-mails with virus', as the poor guy maybe doesn't know that its happening.
You really should PM or e-mail him. I know I wouldn't like my name posted and I'm sure you wouldn't either.

Just my 2 cents on it.

[weedy-burton]

opps  :-/

I in no way intended to imply that the user mentioned had anything knowingly to do with the virus and can understand why he/she or anybody else would wouldnt want their user name asscociated with it in any way,in which case I have removed the name from the message and offer my sincerest appologies.

sorry.

Daryl

[RET]

After a bit of a lull I've started receiving this virus again in force.  If you use a PC, please make sure you're not infected.

There's a good write-up of the KLEZ-H virus and why it's been so effective here: http://www.smh.com.au/articles/2002/05/25/1022243282104.html

This is also worth a read: http://www.theregister.co.uk/content/55/25461.html

cheers
RET

[edit: added second article]