Virus Name:
W32/Klez.h@MM
Aliases/Variants:
W32/Klez.G@mm (Norman)
W32/Klez.gen@MM
WORM_KLEZ.G (Trend)
Characteristics:
1. To propagate copies of itself, this worm uses its own SMTP engine to
send an email containing its executable program. It randomly chooses its target
users from a pool of email addresses and from the email addresses that
appear in the From field of the email.
2. Similar to the other KLEZ variants, this worm can change or
"deceive" the original email address in the FROM: field. It obtains the
email addresses that it places in the FROM: field from the infected user's address book.
This causes a non-infected user to appear as the person who has sent this worm's malicious email. It does this to hide the real sender of the infected email.
3. The subject of the email it sends is composed in a complex manner. The subject may
contain any of the following substrings:
how are you
let's be friends
darling
so cool a flash,enjoy it
Your password
honey
some questions
please try again
welcome to my hometown
the Garden of Eden
introduction on ADSL
meeting notice
questionnaire
congratulations
sos!
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
japanese lass' sexy pictures
Undelivarable mail-"%s"
Returned mail-"%s"
%s is a random string.
4. The subject may also be any of the following:
a %s %s game
a %s %s tool
a %s %s Web site
a %s %s patch
%s removal tools
Impact:
Many agency employees receive emails from outside entities who may use Microsoft products. As a result, any agency employee who is on an outsider's address book could be susceptible to receiving this virus if that users address book is infected.
Additional Comments:
If you receive email with the aforementioned subject lines, DO NOT OPEN THE EMAIL and DELETE THE EMAIL IMMEDIATELY.
W32/Klez.h@MM
Aliases/Variants:
W32/Klez.G@mm (Norman)
W32/Klez.gen@MM
WORM_KLEZ.G (Trend)
Characteristics:
1. To propagate copies of itself, this worm uses its own SMTP engine to
send an email containing its executable program. It randomly chooses its target
users from a pool of email addresses and from the email addresses that
appear in the From field of the email.
2. Similar to the other KLEZ variants, this worm can change or
"deceive" the original email address in the FROM: field. It obtains the
email addresses that it places in the FROM: field from the infected user's address book.
This causes a non-infected user to appear as the person who has sent this worm's malicious email. It does this to hide the real sender of the infected email.
3. The subject of the email it sends is composed in a complex manner. The subject may
contain any of the following substrings:
how are you
let's be friends
darling
so cool a flash,enjoy it
Your password
honey
some questions
please try again
welcome to my hometown
the Garden of Eden
introduction on ADSL
meeting notice
questionnaire
congratulations
sos!
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
japanese lass' sexy pictures
Undelivarable mail-"%s"
Returned mail-"%s"
%s is a random string.
4. The subject may also be any of the following:
a %s %s game
a %s %s tool
a %s %s Web site
a %s %s patch
%s removal tools
Impact:
Many agency employees receive emails from outside entities who may use Microsoft products. As a result, any agency employee who is on an outsider's address book could be susceptible to receiving this virus if that users address book is infected.
Additional Comments:
If you receive email with the aforementioned subject lines, DO NOT OPEN THE EMAIL and DELETE THE EMAIL IMMEDIATELY.
Chat with friends online, try MSN Messenger: Click Here
RCSE-List facilities provided by Model Airplane News. Send "subscribe" and "unsubscribe" requests to [EMAIL PROTECTED]
