Re: [newbie] Worm
> hm...think about it. the anti-virus companies are making billions > every year from peoples' ignorance and gullability. I'm not saying that > these companies are in any way evil or wrong in what they do mind you; > they are obviously anc desperately needed. still, they make gazillions > of dollars because folks just can't resist open that attachment! > > just an observation... > Quite true. One sure fire way to get a user to do something is to tell them that they shouldn't. I had one position where the second shift guys found it amusing to load viruses just to see what they would do, I kid you not... Belgarius The 3 R's of Redmond: Retry, Reboot, Reinstall Registered Linux User #271587 http://counter.li.org --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.365 / Virus Database: 202 - Release Date: 5/24/02 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Worm
On Monday 27 May 2002 02:09 am, Brian Parish wrote: > On Mon, 2002-05-27 at 03:14, poogle wrote: > > I may be wrong but I think I have received a new twist to the Klez.e worm > > in which case I think cross posting to warn others is appropriate, if I'm > > wrong I apologise for cross posting. > > I paste below the text of the e mail which came with an attachment called > > width.exe which I will e mail off-list to anyone who wants to look at it > > at their own risk of course, a second attachment in html read " Read the > > OEM Privacy Statement This page is unavailable. Please check with your > > computer manufacturer.To continue to register your computer and Microsoft > > Windows, click Back. " and a back button followed. > > I am Windows free so I can't virus scan the attachment and I'm not a > > programmer so although I could look at it it would mean nothing to me. > > > > The text:- > > > > Klez.E is the most common world-wide spreading worm.It's very dangerous > > by corrupting your files. Because of its very smart stealth and > > anti-anti-virus technic,most common AV software can't detect or clean it. > > We developed this free immunity tool to defeat the malicious virus. You > > only need to run this tool once,and then Klez will never come into your > > PC. > > NOTE: Because this tool acts as a fake Klez to fool the real worm,some > > AV monitor maybe cry when you run it. If so,Ignore the warning,and select > > 'continue'. > > If you have any question,please [there was an e mail link here] > > Yeah, it is Klez, but not new. > > Brian I followed a link posted by Mike Larson which describes this type of "deceptive" e mail, My partner's company are getting several e mails a week containing the klez worm but I had not seen this e mail message before. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Worm
On Mon, 2002-05-27 at 03:14, poogle wrote: > I may be wrong but I think I have received a new twist to the Klez.e worm in > which case I think cross posting to warn others is appropriate, if I'm wrong > I apologise for cross posting. > I paste below the text of the e mail which came with an attachment called > width.exe which I will e mail off-list to anyone who wants to look at it at > their own risk of course, a second attachment in html read " Read the OEM > Privacy Statement This page is unavailable. Please check with your computer > manufacturer.To continue to register your computer and Microsoft Windows, > click Back. " and a back button followed. > I am Windows free so I can't virus scan the attachment and I'm not a > programmer so although I could look at it it would mean nothing to me. > > The text:- > > Klez.E is the most common world-wide spreading worm.It's very dangerous by > corrupting your files. Because of its very smart stealth and anti-anti-virus > technic,most common AV software can't detect or clean it. We developed this > free immunity tool to defeat the malicious virus. You only need to run this > tool once,and then Klez will never come into your PC. > NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV > monitor maybe cry when you run it. If so,Ignore the warning,and select > 'continue'. > If you have any question,please [there was an e mail link here] > Yeah, it is Klez, but not new. Brian Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Worm
Followed your link, you are absolutely right and I was also right to be suspicious. John On Sunday 26 May 2002 18:58 pm, Mike Larson wrote: > You received the Klez.h variant. > http://www.viruslist.com/eng/viruslist.html?id=4292 > > I received this and dozens of other infected emails from a friend whose > Windows computer got infected. Naturally, I was not affected since I am > using Linux, but it was a real mess for him to clean up. It even sent > out a few copies of itself with my email address (which it obtained from > his address book) as the return address. > > Mike > > poogle wrote: > > I may be wrong but I think I have received a new twist to the Klez.e worm > > in which case I think cross posting to warn others is appropriate, if I'm > > wrong I apologise for cross posting. > > I paste below the text of the e mail which came with an attachment called > > width.exe which I will e mail off-list to anyone who wants to look at it > > at their own risk of course, a second attachment in html read " Read the > > OEM Privacy Statement This page is unavailable. Please check with your > > computer manufacturer.To continue to register your computer and Microsoft > > Windows, click Back. " and a back button followed. > > I am Windows free so I can't virus scan the attachment and I'm not a > > programmer so although I could look at it it would mean nothing to me. > > > > The text:- > > > > Klez.E is the most common world-wide spreading worm.It's very dangerous > > by corrupting your files. Because of its very smart stealth and > > anti-anti-virus technic,most common AV software can't detect or clean it. > > We developed this free immunity tool to defeat the malicious virus. You > > only need to run this tool once,and then Klez will never come into your > > PC. > > NOTE: Because this tool acts as a fake Klez to fool the real worm,some > > AV monitor maybe cry when you run it. If so,Ignore the warning,and select > > 'continue'. > > If you have any question,please [there was an e mail link here] > > > > > > > > > > > > > > > > > > > > > > > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Worm
To answer your question, yes, to the best of my recollection, this is one of the methods used to propagate the worm. Rather an insidious method, and one relying on the ignorance/gullibility of the recipient to be fooled into thinking it is legitimate. Belgarius --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.365 / Virus Database: 202 - Release Date: 5/24/02 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Worm
You received the Klez.h variant. http://www.viruslist.com/eng/viruslist.html?id=4292 I received this and dozens of other infected emails from a friend whose Windows computer got infected. Naturally, I was not affected since I am using Linux, but it was a real mess for him to clean up. It even sent out a few copies of itself with my email address (which it obtained from his address book) as the return address. Mike poogle wrote: > I may be wrong but I think I have received a new twist to the Klez.e worm in > which case I think cross posting to warn others is appropriate, if I'm wrong > I apologise for cross posting. > I paste below the text of the e mail which came with an attachment called > width.exe which I will e mail off-list to anyone who wants to look at it at > their own risk of course, a second attachment in html read " Read the OEM > Privacy Statement This page is unavailable. Please check with your computer > manufacturer.To continue to register your computer and Microsoft Windows, > click Back. " and a back button followed. > I am Windows free so I can't virus scan the attachment and I'm not a > programmer so although I could look at it it would mean nothing to me. > > The text:- > > Klez.E is the most common world-wide spreading worm.It's very dangerous by > corrupting your files. Because of its very smart stealth and anti-anti-virus > technic,most common AV software can't detect or clean it. We developed this > free immunity tool to defeat the malicious virus. You only need to run this > tool once,and then Klez will never come into your PC. > NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV > monitor maybe cry when you run it. If so,Ignore the warning,and select > 'continue'. > If you have any question,please [there was an e mail link here] > > > > > > > > > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[newbie] Worm
I may be wrong but I think I have received a new twist to the Klez.e worm in which case I think cross posting to warn others is appropriate, if I'm wrong I apologise for cross posting. I paste below the text of the e mail which came with an attachment called width.exe which I will e mail off-list to anyone who wants to look at it at their own risk of course, a second attachment in html read " Read the OEM Privacy Statement This page is unavailable. Please check with your computer manufacturer.To continue to register your computer and Microsoft Windows, click Back. " and a back button followed. I am Windows free so I can't virus scan the attachment and I'm not a programmer so although I could look at it it would mean nothing to me. The text:- Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please [there was an e mail link here] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
