On Thu, 9 May 2002, Spike wrote: > Hello Jonathan, > > The problem with KLEZ is that it has its own built in SMTP server > and sends out mails (all from the WAB - Windows Address Book) as > if they come directly from the person whose address is used. You > can't determine where the message actually came from. The safest > course is to REMOVE Outlook AND the Windows Address Book > ENTIRELY. Those are the targets of 99.99% of the virus code!
I know... I deal with about 5 of them every day now. We've installed a mail scanner on our mail server now to provent this kind of thing. As for it's source, there appears to be two versions flying about at the moment. One sets the "Return-Path" header, which is a valid email address of the infected user. This I know because of 3 that hit us last week. I called the person, and they confirmed they were infected. Unfortunately the second version appears not to add anything quite as technical, but if you know your friends, you *may* be able to trace it to their ISP. > With The Bat!, as long as you don't right click and save the > attachments, and then get even dumber and run them, they can > usually do nothing. Absent Outlook and WAB, there is virtually > nothing the virus can do, other than whatever destructive code it > runs locally. That is what I was saying... providing he doesn't try and execute the program, he'll be fine. TB! doesn't suffer the problem of the IFRAMES tag which is what Klez uses to force itself to open. The only way you're going to get infected with this one, is run the program yourself. At which point you should be taken to your sysadmin, and shot with a gun ;) -- Jonathan Angliss ([EMAIL PROTECTED]) ________________________________________________________ Current Ver: 1.60i FAQ : http://faq.thebat.dutaint.com Unsubscribe: mailto:[EMAIL PROTECTED] Archives : http://tbudl.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] TBTech List: mailto:[EMAIL PROTECTED] Bug Reports: https://bt.ritlabs.com
