Mark,
A valid virus warning will always include a date and a source.
A hoax virus warning lacks these and often also gives no information on
what sorts of operating systems are vulnerable.
Any message asking recipients to pass it on to everyone in their address
books is a hoax intended to act, with your help, like a virus.
Bad grammar is always an indication, as you noted, of the unreliability
of a message.
Nelson Blachman WG6R
Oakland, Calif.
----- Original Message -----
From: "Senk, Mark J." <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, May 06, 2002 6:51 AM
Subject: Virus warning now used to spread a virus
> I got this one today and was suspicious because of the poor grammar. Your
> next anti-virus warning might contain a virus itself. Remember when all
we
> had to worry about were messages with the Subject "Good times" ?
>
>
> excerpted from http://antivirus.about.com/library/weekly/aa041702a.htm
>
> However, according to antivirus developer
> F-Secure,
> an even more insidious message may be sent:
>
>
> Subject:
>
> Worm Klez.E immunity
>
> Body:
>
> Klez.E is the most common world-wide spreading worm.It's very
> dangerous by corrupting your files.
> Because of its very smart stealth and anti-anti-virus
> technic,most common AV software can't detect or clean it.
> We developed this free immunity tool to defeat the malicious
> virus.
> You only need to run this tool once,and then Klez will never
> come into your PC.
> NOTE: Because this tool acts as a fake Klez to fool the real
> worm,some AV monitor maybe cry when you run it.
> If so,Ignore the warning,and select 'continue'.
> If you have any question,please mail to me.
>
> Though the 'mail to me' is represented as a link to the sender's e-mail
> address, F-Secure warns that this address is not always the real sender's
> address.
> The spoofing of the sender's name/address is not unique to Klez.H, this
same
> behavior is present in
> Klez.E
> as well.
>
> The attachment will have either a BAT, EXE, PIF, or SCR extension.
However,
> Klez.H takes advantage of a well-known weakness in the default settings
for
> Windows, which allows double extension filenames to appear as a benign
file
> type. Visit the
> Executable File Attachments center
> for instructions on changing these default settings to ensure you are not
> vulnerable to this bit of social engineering.
>
> Klez.H also takes advantage of a vulnerability in unpatched versions
> Microsoft's Internet Explorer 5.01 or 5.5 which can allow attachments to
be
> automatically
> executed simply by reading - or in some cases, previewing, the email
> message. Outlook and Outlook Express, and any mail other client that
relies
> upon Internet
> Explorer to render HTML email messages are vulnerable to this exploit. The
> vulnerability is an old one, first patched in March 2001. To ensure your
> system
> is fully patched, visit the
> Windows Update
> site, check for Product Updates, and install any marked Critical. Checking
> for and installing security patches should be considered routine
maintenance
> and should be accomplished at least monthly.
>
>
> VICUG-L is the Visually Impaired Computer User Group List.
> To join or leave the list, send a message to
> [log in to unmask] In the body of the message, simply type
> "subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
> VICUG-L is archived on the World Wide Web at
> http://maelstrom.stjohns.edu/archives/vicug-l.html
>
>
VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask] In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
|
