LISTSERV - VICUG-L Archives - LISTSERV.ICORS.ORG

VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

	LISTSERV Archives
	VICUG-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Condense Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Sender:	"VICUG-L: Visually Impaired Computer Users' Group List" <[log in to unmask]>
Subject:	Virus warning now used to spread a virus
From:	"Senk, Mark J." <[log in to unmask]>
Date:	Mon, 6 May 2002 09:51:37 -0400
Content-Type:	text/plain; charset="iso-8859-1"
MIME-Version:	1.0
Reply-To:	"Senk, Mark J." <[log in to unmask]>
Parts/Attachments:	text/plain (71 lines)

I got this one today and was suspicious because of the poor grammar. Your
next anti-virus warning might contain a virus itself.  Remember when all we
had to worry about were messages with the Subject "Good times" ?


excerpted from http://antivirus.about.com/library/weekly/aa041702a.htm

However, according to antivirus developer
F-Secure,
an even more insidious message may be sent:


Subject:

Worm Klez.E immunity

Body:

Klez.E is the most common world-wide spreading worm.It's very
dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus
technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious
virus.
You only need to run this tool once,and then Klez will never
come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real
worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.

Though the 'mail to me' is represented as a link to the sender's e-mail
address, F-Secure warns that this address is not always the real sender's
address.
The spoofing of the sender's name/address is not unique to Klez.H, this same
behavior is present in
Klez.E
as well.

The attachment will have either a BAT, EXE, PIF, or SCR extension. However,
Klez.H takes advantage of a well-known weakness in the default settings for
Windows, which allows double extension filenames to appear as a benign file
type. Visit the
Executable File Attachments center
for instructions on changing these default settings to ensure you are not
vulnerable to this bit of social engineering.

Klez.H also takes advantage of a vulnerability in unpatched versions
Microsoft's Internet Explorer 5.01 or 5.5 which can allow attachments to be
automatically
executed simply by reading - or in some cases, previewing, the email
message. Outlook and Outlook Express, and any mail other client that relies
upon Internet
Explorer to render HTML email messages are vulnerable to this exploit. The
vulnerability is an old one, first patched in March 2001. To ensure your
system
is fully patched, visit the
Windows Update
site, check for Product Updates, and install any marked Critical. Checking
for and installing security patches should be considered routine maintenance
and should be accomplished at least monthly.


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG