Virus/worm
Kimi A. Adams
plug-discuss@lists.plug.phoenix.az.us
Fri, 19 Apr 2002 08:17:41 -0700
--=======2B582179=======
Content-Type: text/plain; x-avg-checked=avg-ok-64F36456; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 8bit
Well, the response that I received for the email virus was expected of
course. However, upon research the WORM_KLEZ.G worm is kinda fun, if you
have a desire to clean, and clean, and clean. What happens is that
unsuspecting people are emailing things out from their email programs with
different files, different subjects, multiple times. It was found on the
day that I posted to the group and I had already been infected.
Now, I didn't open the file from the first email at all because I
recognized that it was a person that was copied on a previous email the day
before. Then, when I researched this person, another one came in. I
looked at that file without opening and found that it had created several
directories on my hard drive that previously weren't there (thanks to me
knowing my directory structure by heart).
I finally found the update on www.trendmicro.com where we get PC-Cilllin
from. Did a thorough scan and found 8 files/directories were
added/infected. This worm does nothing but take some memory on your
peripherals and attached network devices. On the machine at MADD, there
were 38 files/directories that were affected in about a three hour time frame.
It sends out undeliverable emails to you stating that the email you sent
didn't get there, but she never sent anything to him for the date/time stated.
More information is coming in as I write this as it has affected so many
people that I already know.
Hope this finds all Linux boxes okay from this issue. The one thing that
it does state is that Windows NT is unaffected by this worm, which is quite
interesting.
Kimi Adams
Unity Wave
--=======2B582179=======
Content-Type: text/plain; charset=us-ascii; x-avg=cert; x-avg-checked=avg-ok-64F36456
Content-Disposition: inline
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.349 / Virus Database: 195 - Release Date: 4/15/02
--=======2B582179=======--