GreaseSpot Cafe

Klez Virus explanation


igotout

Wanted to post this here so people can understand a little bit about how the Klez Virus works. I like to say "even though you may not be infected, you may be affected". It's a nasty one and about all you can do is protect yourself. Unfortunately you can not make the rest of the world protect themselves. A computer technician writes:

________________________________________

Question:

"I had some strange e-mail sent to me yesterday. They were e-mails that were "undeliverable" from the mail delivery system -- it turns out that I did not send out these e-mails. So, I am a bit confused. Is this due to my being in a person's address book whose PC is infected with the Klez Worm?"

Answer:

"Anyone who does e-mail in any fashion -- by a Windows PC, by a Mac, by Web TV, by a pigeon with a Palm strapped in a mini-backpack, maybe -- can be affected by the Klez Worm. That's because the Klez Worm steals e-mail addresses and uses the ones it stole to create fake "From:" addresses on mail it sends out.

So if your Aunt Nellie has 500 names in her Windows address book, she might be getting YOU in big trouble if she allows the Klez Worm to infect her Windows PC. The worm could send itself out to all those recipients and make it seem like the renewed worm infestation came from you.

Many people seemed bewildered when they wrote to ask what the Klez Worm does, and far too many are missing the point. The Klez Worm can make it seem as if you are mailing a virus (a worm is a special kind of virus) to any number of recipients. If these recipients decide to take you off their Wednesday bridge-party list, that's one kind of social penalty. But if their ISP decides to block all your mail because you refused to stop sending the virus, you'd surely object.

You should realize that the Klez Worm does this no matter what kind of computer or operating system you have. Mail that seems to be from you is treated as if it IS from you.

If someone stole your credit card and got you deep into debt and thereby ruined your credit, you'd be devastated. The Klez Worm is no different. It has already stolen the e-mail addresses of millions of e-mail users, no matter if they are Windows users or not, and it damages the reputations of all those individuals each time it sends itself out under their addresses.

Everyone who has been ignoring e-mail safety needs to start taking this more seriously. Make sure you have virus protection on your email."

___________________________________________

Others who are knowledgeable might want to contribute their experiences and advice here.

Thanks,

John R.

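The technician's point above is that the "From:" line is simply a header the sending program writes, so a bounce for a message you never sent tells you only that someone else's infected machine used your address. The script below is an added example, not part of the original post or of any vendor tool, showing the check a mail administrator would make before blaming the apparent sender: it compares the visible "From:" address against the envelope sender (kept by the receiving server in the "Return-Path:" header) and the host named in the earliest "Received:" line. Both sample messages, their hostnames and addresses are constructed for this example.

```python
"""Why a Klez-style bounce is not proof that you sent anything.

The "From:" line is an ordinary header that the sending program writes;
no mail server verifies it. What the receiving server does record is the
envelope sender (stored as "Return-Path:") and a "Received:" line naming
the host that actually connected. Comparing those to "From:" is the check
an administrator makes before blaming the person in the From: line.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real bounce: a worm on a stranger's dial-up PC
# mailed itself out with a stolen "From:" address.
SPOOFED_MESSAGE = """\
Return-Path: <infected-dialup-user@example.net>
Received: from dialup-123.example.net (dialup-123.example.net [192.0.2.10])
\tby mx.example.org with SMTP; Wed, 2 Oct 2002 20:43:00 -0400
From: "Aunt Nellie" <you@example.com>
To: victim@example.org
Subject: A funny game

(the worm attachment would be here)
"""

# Constructed sample of ordinary mail: header and envelope agree.
LEGIT_MESSAGE = """\
Return-Path: <you@example.com>
Received: from mail.example.com (mail.example.com [192.0.2.20])
\tby mx.example.org with SMTP; Wed, 2 Oct 2002 21:00:00 -0400
From: You <you@example.com>
To: friend@example.org
Subject: Hello

Just saying hi.
"""


def sender_evidence(raw_message):
    """Pull the three pieces of sender evidence out of a raw message."""
    msg = message_from_string(raw_message)
    header_from = parseaddr(msg.get("From", ""))[1]
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1]
    received = msg.get_all("Received") or []
    # The last Received: header is the earliest hop, i.e. the host that
    # first handed the message to a mail server ("from <host> by ...").
    first_hop = received[-1].split()[1] if received else ""
    return {
        "header_from": header_from,
        "envelope_from": envelope_from,
        "first_hop": first_hop,
    }


def domain(address):
    """Domain part of an address, lower-cased for comparison."""
    return address.rpartition("@")[2].lower()


def from_header_is_spoofed(raw_message):
    """True when the visible From: domain disagrees with the envelope sender.

    A mismatch is an indicator, not proof: mailing lists and forwarding
    services legitimately produce it too, so treat the result as a reason
    to look at the Received: chain rather than at the person in From:.
    """
    ev = sender_evidence(raw_message)
    if not ev["envelope_from"]:
        return False  # no envelope information to compare against
    return domain(ev["header_from"]) != domain(ev["envelope_from"])


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, sender_evidence(raw), "spoofed:", from_header_is_spoofed(raw))
```

Run it as-is and the first sample reports a From: domain of example.com against an envelope sender at example.net and a first hop on a dial-up host, which is exactly the pattern of the bounces described in the question: the worm-infected PC, not the person in From:, is where the mail originated.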

That is just a removal tool if you have been infected already.

This does not stop you from receiving the attachment in the email. Antivirus software is for that purpose. It will block all viruses and automatically quarantine them. You can have this task performed in the background so that you are not interrupted, I believe. Just because you receive a virus does not mean you are infected.

Just be sure to have email protection and do not open the attachments associated with that email.

You can also add email addresses to your blocked senders list to stop it.


Yes, good point.

I guess I assumed that no one would be so risky as to be on a public forum without adequate Antivirus protection. That is just throwing caution to the wind. Especially since these Klez viruses are so prevalent in our country now.

(Edited cuz I kan't spell good.)

[This message was edited by igotout on October 02, 2002 at 20:43.]


Hi,

I thought it appropriate to weigh in on this thread because my secular job involves being the AntiVirus Coordinator for a world-wide company.

The problem with KLEZ is that it "spoofs" the return address. You could be protected to the hilt and still get the butt end of the KLEZ joke. All you did was send someone an e-mail who later got infected. The virus was sent out from their PC with your return address on it instead of theirs. In fact, in the past two days the most widespread new virus since KLEZ has arisen and it has adopted the same trick of "spoofing" the return address.

But it is still necessary to protect yourself with Anti-Virus Software and keep it updated, especially if you have a Cable connection or DSL line.

In addition to using an Anti-Virus program it is highly recommended to patch your operating system and programs with the latest patches. That will automatically protect you against half of the new viruses. It will protect you even before your Anti-Virus software gets its update. The other half of the new viruses come by way of browsing to infected websites or downloading files from websites that have trojans embedded in them.

Microsoft, though the cause of most of the problems due to poor quality control with their programs, does have a good site to give your PC a security check-up

http://www.microsoft.com/security/articles/steps_default.asp

Another thing you can do if you have Windows 2000 or XP is to run the Microsoft Baseline Security Analyzer. This program will check out your PC and recommend ways of closing security loopholes. Just go to Microsoft.com and search for "Baseline Security Analyzer".


You are correct, Research Geek. I posted on another thread how important it is to keep up to date on Microsoft's updates, patches, and service packs.

Those with always-on connections (ADSL, Road Runner, etc.) need to take extra precautions too...some sort of firewall, be it software or hardware. There are free ones...Zone Alarm comes to mind, but I don't know much about it since about a year ago. If anyone out there has any experience with it recently, I'd like to know, good or bad, as I'd like to know whether to recommend it to clients or not.

Rick


This is a favorite of mine for years. Click on this link to go to Shields Up.

Click Here

It will test your computer security and probe your ports and give you the good or bad news as to how open your computer is to the internet. The idea is to have your computer shielded against invasion from an outsider. I have a firewall built into the router I use. All my reports are Stealth, which is good news I hope.

One simple precaution - For those of you who do not need it you should make sure your files and folders are not shared. Right click on Network Neighborhood, click on properties. Then go to the properties for your connection and deselect File and Printer Sharing for Microsoft Networks.

Research Geek, when you have time I would enjoy hearing your opinion about my unprofessional discussion concerning Antivirus Software. You can tell me where I am wrong. It would be good to hear from someone who knows this field and to keep us amateurs in line. It is in Computer related.

John R.


quote:
Another thing you can do if you have Windows 2000 or XP is to run the Microsoft Baseline Security Analyzer. This program will check out your PC and recommend ways of closing security loopholes. Just go to Microsoft.com and search for "Baseline Security Analyzer".

I have Windows XP and went to the Baseline Security Analyzer site and downloaded it. It took a little while, but after it was all over it listed the vulnerabilities. Then to cure the vulnerabilities it took me to "Microsoft Windows Update", and then I installed all the updates, including the new Windows XP service pack.

Question: if the solution is the same, wouldn't I have saved some time just going directly to the Microsoft Windows Update website and download the updates directly from there, rather than spending time with the Baseline Security Analyzer?

Just wondering if it's worth it to run the "Analyzer" when all I need to do is Update every once in a while.

Thanks!


quote:
Originally posted by oldiesman:

Just wondering if it's worth it to run the "Analyzer" when all I need to do is Update every once in a while.

Thanks!


I think Windows Update does a fine job of taking care of that for Windows security problems, however Windows Update doesn't cover other things. If you run stuff like AOL instant messenger, KaZaA, etc. then any security problems in those will not be fixed by the Windows Update.

Personally, I run CNet's Catchup program (I believe the URL is http://catchup.cnet.com) and it does both security and version audits so I have all the patches and the most current versions of the software.


Another good idea is to set up one of those free Web-mail accounts at hotmail, yahoo, or excite, and only give that address out to others, especially businesses. These accounts typically use only your web browser to read them, so many of the viruses associated with Outlook are diminished. Also, turn off the setting in Outlook that automatically opens a message when it's highlighted. If you don't turn this off, the top message in your Inbox always gets opened automatically. If it's infected, you just got hit.

Never open any message from anyone you do not know. I have never, not once, in all my 20 years of computing, ever gotten an unsolicited email offer that was worth exploring. Delete, without opening, any message that comes in from anyone you do not know. Period.

Suspect and delete any message that starts out with the letters "Fw:" immediately. Anything forwarded to you is generally a stupid, time-wasting 20-year old joke or a maudlin anecdote about Jesus, friendship, or Africans needing to smuggle thirty million dollars out of Botswana. Friends don't send friends chain letters.

Everybody has a different sense of humor. In other words, those jokes you think are soooo funny, really don't need to be mass-forwarded to everyone in your address book just because *you* laughed.

If I give you my email address, I only want to hear from YOU. If you think something is just so pancreas-shatteringly funny that I just HAVE to see it, take the time to write and ASK first. I may have already seen it six times today and taken a mighty vow to hunt down and disembowel the next person who sends it to me. Don't be lucky number 7!

If your life is just so incomplete if you can't dump emails to your entire address book, for the love of Pete, save them all into one big digest and email them to me once a week only. That way, I only have to auto-erase one big message.

Thank you for your cooperation.

Zix


If you happen to have one of those "friends" who forwards you fifty cans of spam a day, here's a good way to get even:

If they are on standard phone dialup, go to the library or any other place that has a high-speed/broadband connection to the Internet, and just start replying to every message they send you with the same message attached to a huge 500-kilobyte picture of your kitchen sink, or your favorite blank wall, or a bit of dirt on your porch that you found somewhat interesting.

When it takes the schmuck four hours to retrieve all his email due to your replies, one of two things will happen:

1) He'll get the message, or

2) He won't have any time left to forward you any more spam.

This is the electronic equivalent of "brickmailing". It used to be that companies who sent a lot of junk mail with Business Reply Mail return cards ("no postage necessary") could take a nasty hit on postage if you taped their Reply card to a brick and dropped it in the mailbox. Postage is charged by weight, after all. Alas, the post office won't take the bricks any more--too big. But for those clueless e-remailers, it's just the thing.

Double points if their ISP is AOL or WebTV. It's morally wrong to give the clueless an even break. (just kidding)


Zixar - I did not know you were so evil. But I like that idea. I have a few "friends" who do this mass emailing. One is on this forum, who sends me political commentary stuff all the time. I am one of their recipients. Another is my neighbor who mails me (and everyone else in his entire address book) jokes incessantly.

Both these are in my blocked senders list, it got so bad. I wish they would use common sense. I have not had the nerve to tell them that they are being very annoying. I just block them and they don't even know it. All their emails go to the trash.


This has been mentioned before but I think it's worth repeating. For those who insist on sending emails to multiple recipients, please use the bcc field. That way, even when viewing the header info, the person who receives it will not see everyone else's email address who is on your list.

Rick


igotout: For a little extra twist, make sure you send them the exact same picture each time, but with a different name.

"My cat was just soooo cute last night! I managed to snap a picture..." (huge, over-flashed, red-eye pic of bored cat sitting on floor)

"You'll never believe what he did tonight! Look!"

(same pic)

"Bought a new Cadillac today, and it's FINE! Check it out!"

(same pic)

"Pipe burst last night in the laundry room. The plumber says it'll cost $4000 to fix! Look at all the damage! Here's the inside wall, outside wall, floor tile and garage"

(send same frickin' cat pic FOUR times)

Even more evil variation on a theme: Embed one of those REALLY annoying music-box-type songs into the emails along with the picture. "Pop Goes The Weasel" is a good vile choice for this. When every single email he gets from you blasts "PGTW" over his speakers... You get the idea.

>:)

Have fun!

Zix


Bluzeman-- Thank you for repeating that again about using the BCC on emails people insist on mass-mailing.

I don't appreciate when my email is in a list of email addys someone sends -- and then it gets forwarded, etc

PLEASE everyone, discover what that little "bcc" button is for on your email address book. My accounts ask for at least one address in the "to" box before it will send to the people listed in my bcc box, so I send it to my other email addy in the "to" box, then list the other emails in the bcc list.

BTW: those of you that send me any emails that have a "please don't break the chain" in em -- especially when they start telling me I am a heartless individual if I delete the message, get deleted immediately!! If ya don't want a "chain" broken, DON'T SEND IT TO ME!!!!! LOL!


I received an email from someone who said they may have emailed me a virus and to look for "jdbgmgr.exe" and that it would have a little bear on it.

I did and it did.

It also said that neither Norton nor that other one could detect it.

I use pc-cillin by trend micro, and they didn't even have it listed.

Anyone know of this one?

Thanks so much,

Kit Sober

[This message was edited by Kit Sober on October 11, 2002 at 22:27.]


Windows/system needs this file.

Thanks for all the great information in this place.

I tried the shields up and it said my pc was secure.

Also, Mr. P-Mosh -- the http://catchup.cnet.com program is not available any longer.

Thankyousoverymuch,

Kit Sober

The course of the bubonic plague was turned by the concept of clean.
