"Undelivered Mail..."

by "Mike" <ironmike(at)inav.net>

 Date:  Fri, 7 Jun 2002 19:26:20 -0500
 To:  <hwg-techniques(at)hwg.org>
That's KLEZ!!

Klez is always an email attachment. When opened, the worm does its dirty
little thing and replicates itself randomly throughout your system, changes
its name and tries to send out new replicants to everyone on your email list
every time your email system loads. It isn't particularly dangerous, but is
HORRIBLY inconvenient. It even spoofs those "undeliverable...." email notices.

It may start Windows services and emulate active Windows processes. All
these must be killed to rid your computer of the infection. Klez-infected
files must be deleted or disinfected, or the worm just keeps on replicating!

Older ver. (5.0?) may launch the worm when the email is opened -- even if
the attachment is not opened. To prevent this either upgrade to newer, more
secure browsers or install the latest service packs for your browser.

Read this April article from Wired News to find out more about Klez:

http://www.wired.com/news/technology/0,1282,52055,00.html

To get rid of the pest from your computer, visit:

 ****
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
 ****

(That is one line with no breaks) Follow the instructions EXACTLY and you
can disinfect your system. (Especially note that the klez-killer must be run
from the desktop.) Then you can notify **everyone** on your mailing lists of
the possibility that they have the virus and let them know how to disinfect
their systems. Then they need to let everyone on their mailing lists....ad
nauseam.

There are other anti-klez sites but I like Symantec the best because of its
detailed instructions.

I receive emails with this pest about half a dozen times a week, all because
my daughter and her husband joined a joke-of-the-day chain letter system
that is now infected.

What we need is a national "Knock out Klez" day where all computer users in
this country spend some time disinfecting their computers. Then everything
will be hunky-dory until the first overseas email the next day. Oh,
well....

EVERYONE READING THIS MESSAGE SHOULD CHECK FOR KLEZ TODAY -- RIGHT NOW !!!


----- Original Message -----
From: "Bob Unger" <rbu(at)cirex.net>
To: <hwg-techniques(at)hwg.org>
Sent: Friday, June 07, 2002 4:10 PM
Subject: "Undelivered Mail..." has me pulling my hair out!


> For the last few weeks I have been bombarded by "Undelivered Mail Returned
> to Sender" messages.  I get around 20 to 30 a day saying it's returned to
> me because it's infected with Klez - or the recipient doesn't accept
> attachments, etc.... all kinds of reasons.  But most of the "undelivered"
> addresses are not in my address book (I use Eudora) and all the messages
> have my address in the "from" field.
>
> I've scanned my disk with Norton and it comes up clean - yet I am getting
> all these "returned mails" with my address on it.
>
> How does Klez work?  Is Klez grabbing my address from other people's
> address books that are infected with the virus - and then I get the returned
> mail?  Is there ANYTHING I can do to stop getting all these "returned"
> messages???????
>
> The kicker to all this is that it's using my brand new email address
> that I've had for just about a month now.  It's driving me insane!
>
> Bob Unger
> rbu(at)cirex.net

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA