Virus or what?
Victor Odhner
plug-discuss@lists.plug.phoenix.az.us
Thu, 21 Nov 2002 23:22:14 -0700
Hi, Cliff.
cliff rogers wrote:
> The virus software on InterLogic Graphics & Marketing's (ILGM),
> the server that manages mail for xxx@xxx.xxx <mailto:xxx@xxx.xxx>
> has reported that you sent an e-mail to
> xxx@xxx.xxx <mailto:xxx@xxx.xxx>, containing the :
> W32/Klez.H@mm virus in the PCT.exe attachment. The subject of
> the E-mail was "A very funny website".
The Klez work looks in the address books of machines it
has invaded, and randomly selects addresses to use as
the "From" address of the messages it sends out. This
is done randomly, and it also varies the subject lines.
So all you can know is that SOMEBODY who had you in their
address book got hit by the Klez worm.
Klez exploits a bug in IE5 whose fix has been available
for a long time. Of course Klez can't infect a Linux box.
In fact, I don't think it can hit you if you avoid using
IE5 for browsing and are not using Microsoft mail clients
(since these use IE if they receive an HTML e-mail
message).
I have gotten a million Klez messages on the Linux system
where I have one of my e-mail accounts, and of course
these worms are just data outside the Windows world.
I think Cox.net must be filtering out Klez messages
directed to the address I'm using for mailing lists,
since I haven't seen any on this account (which I read
with Mozilla on Win98).
Vic
http://members.cox.net/vodhner/
-- or --
http://www.newearth.org/~victor/resume.html