Hi Groups!
Just wanted to pass this bit of information along...today, Friday,
July 12, 2002, I received what APPEARED to be some sort official
email from www.kapirsky.com Kapirsky Antivirus, with an attachment
in MIME Base 64 format of a file named INSTALL.EXE. The email
said this was a W32.Klez.mm remover tool for antivirus. Note---
I have NEVER used anitivirus from Kapirsky, so how they got one
of my more obscure email addresses is kind of interesting too.
OK, enough prelims, the file is NOT a removal tool, but instead is
the actual W32.Klez.h@mm Outlook Worm! My use of DOS Internet and
operating systems prevented any infection. My email address MAY
have been "harvested" from one of these lists, more likely the original
SurvPC list. So, to summarize, if you receive ANY email from what
on the surface appears to be a legitimate source, BE CAREFUL...read
the headers of the email if possible, as that gives clues as to its
origin. Anyway, I did "decode" the Mime 64 attachment using a command
line tool, FCode (my favorite for this by the way, it also handles
UUE and XXE!), then ran a scan using Norton AntiVirus 4 for Win3/DOS
and confirmed it was indeed infected with Klez.
If anyone needs FCode, let me know, I can put it up on the web for
download!
C U L8R!
Wiz <{;-)
Wizard57M
Glenn Gilbreath Jr.
http:[EMAIL PROTECTED]/index.htm
-- DOS Internet, Close Windows and Keep the Internet Open! --
-- Arachne V1.62, NON-COMMERCIAL copy, http://arachne.cz/
To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html
