Virus/worm

Kimi A. Adams plug-discuss@lists.plug.phoenix.az.us
Fri, 19 Apr 2002 08:17:41 -0700


Well, the response that I received for the email virus was expected of 
course.  However, upon research the WORM_KLEZ.G worm is kinda fun, if you 
have a desire to clean, and clean, and clean.  What happens is that 
unsuspecting people are emailing things out from their email programs with 
different files, different subjects, multiple times.  It was found on the 
day that I posted to the group and I had already been infected.

Now, I didn't open the file from the first email at all because I 
recognized that it was a person that was copied on a previous email the day 
before.  Then, when I researched this person, another one came in.  I 
looked at that file without opening and found that it had created several 
directories on my hard drive that previously weren't there (thanks to me 
knowing my directory structure by heart).

I finally found the update on www.trendmicro.com where we get PC-cillin 
from.  Did a thorough scan and found 8 files/directories were 
added/infected.  This worm does nothing but take some memory on your 
peripherals and attached network devices.  On the machine at MADD, there 
were 38 files/directories that were affected in about a three-hour time frame.

It sends out undeliverable emails to you stating that the email you sent 
didn't get there, but she never sent anything to him for the date/time stated.

More information is coming in as I write this as it has affected so many 
people that I already know.

Hope this finds all Linux boxes okay from this issue.  The one thing that 
it does state is that Windows NT is unaffected by this worm, which is quite 
interesting.

Kimi Adams
Unity Wave

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.349 / Virus Database: 195 - Release Date: 4/15/02
