Ryandor.com

Post subject: Word of advice
Posted: Sat Jun 29, 2002 6:49 am
Site Admin

Joined: Sun Jun 02, 2002 8:01 pm
Posts: 1473
Location: CO, USA
Everyone out there: SCAN YOUR COMPUTER. I'm really getting sick of getting like 6 viruses (viri) per day. It started about a week ago that I started getting flooded with them. Somebody (or bodies) is sending these out with a vengeance. I can deal with the occasional one that comes in, but seriously, I've gotten 3 in the past 6 hours. If you don't have an anti-virus, there are some free ones out there you can use. I've not been infected so you don't have to worry about me sending it.
Here's the virus I've been getting:
Quote:
W32.Klez.H@mm
Also Known As: W32/Klez.h@MM, WORM_KLEZ.H, W32/Klez-G, I-Worm.Klez.h, Klez.H, W32/Klez.H, Win32.Klez.H, WORM_KLEZ.I

Damage:
Payload: This worm infects executables by creating a hidden copy of the original host file and then overwriting the original file with itself. The hidden copy is encrypted, but contains no viral data. The name of the hidden file is the same as the original file, but with a random extension.
Large scale e-mailing: This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment.
Distribution:
This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment. The worm contains its own SMTP engine and attempts to guess at available SMTP servers. For example, if the worm encounters the address user@abc123.com it will attempt to send email via the server smtp.abc123.com.
The subject line, message bodies, and attachment file names are random. The From address is randomly-chosen from email addresses that the worm finds on the infected computer.
The body of the email message is random.
Because this worm uses a randomly chosen address that it finds on an infected computer as the "From:" address, numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.


You can get more info at
http://securityresponse.symantec.com/av ... .h@mm.html


Post subject: I agree Ryandor
Posted: Sat Jun 29, 2002 9:42 am
Apprentice

Joined: Mon Jun 24, 2002 7:01 am
Posts: 24
I hate viruses as well, and this Klez virus is not a nice one. Clean your system, even if you have not sent an email or visited the Ryandor site. My roommate got this virus once, and even when I cleaned it up, another website tried to send her the virus again.

A few things to check:
1. Update your virus scans. If you don't have one, get one. You don't want to be loading up all your software over and over again.

2. If you seem to be getting hit with a virus, check and make sure IIS (the Windows web server) is not running. If you need this service, get the Microsoft IIS Lockdown Tool. This helps a lot.

KnightD


Posted: Sat Jun 29, 2002 11:27 am
Peanut Gallery

Joined: Sun Jun 02, 2002 8:53 pm
Posts: 1864
Location: Hayward, CA
Well if you keep getting this virus many times in a short period of time, then it's obvious someone with your e-mail address is infected.

You'd have to be pretty stupid to get this virus anyway, I mean, who's stupid enough to open a .exe attachment? lol


Posted: Sat Jun 29, 2002 2:16 pm
Site Admin

Joined: Sun Jun 02, 2002 8:01 pm
Posts: 1473
Location: CO, USA
The problem with this one is it's not just an exe file that can be distro'ed.
I've seen this one as an exe, a scr, and a bat. And if you use Outlook Express, it may open itself if you have the preview pane on.

-Ryandor


Posted: Sat Jun 29, 2002 2:53 pm
Peanut Gallery

Joined: Sun Jun 02, 2002 8:53 pm
Posts: 1864
Location: Hayward, CA
Well that's a security hole for sure then, cuz all those file types should NEVER be opened as an attachment unless you know exactly what they are beforehand.


Post subject: update
Posted: Mon Jul 01, 2002 6:43 am
Site Admin

Joined: Sun Jun 02, 2002 8:01 pm
Posts: 1473
Location: CO, USA
Well it appears that someone who read this has followed my advice..
I received 2 more after posting this, both on Saturday. Today I've not gotten any (so far).

A light, however dim, at the end of the tunnel?

-Ryandor


Posted: Fri Jul 05, 2002 4:02 pm
Site Admin

Joined: Sun Jun 02, 2002 8:01 pm
Posts: 1473
Location: CO, USA
Nope, still getting them, however, it's down to about 1 per day.

Someone out there still has it. :(

-Ryandor


Posted: Fri Jul 05, 2002 5:13 pm
Peanut Gallery

Joined: Sun Jun 02, 2002 8:53 pm
Posts: 1864
Location: Hayward, CA
Send a reply saying "You have a virus."


Posted: Fri Jul 05, 2002 5:45 pm
Site Admin

Joined: Sun Jun 02, 2002 8:01 pm
Posts: 1473
Location: CO, USA
As I quoted from Symantec:
Quote:
Because this worm uses a randomly chosen address that it finds on an infected computer as the "From:" address, numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

So that idea don't work.

-Ryandor


Posted: Fri Jul 05, 2002 5:46 pm
Peanut Gallery

Joined: Sun Jun 02, 2002 8:53 pm
Posts: 1864
Location: Hayward, CA
Well duh :-P Don't reply to the "from" address, reply to the "received-from" address


Posted: Fri Jul 05, 2002 5:49 pm
Site Admin

Joined: Sun Jun 02, 2002 8:01 pm
Posts: 1473
Location: CO, USA
That don't work either 90% of the time. It's not the "displayed" From field it changes.
Since the virus has its own internal SMTP capabilities, it can do it from who/what ever.
The best you could do is get an IP it was sent from. As you know, that would involve going through the ISP to track down who was using that IP at that time (for dial-up).

-Ryandor


Posted: Fri Jul 05, 2002 5:51 pm
Peanut Gallery

Joined: Sun Jun 02, 2002 8:53 pm
Posts: 1864
Location: Hayward, CA
Well you can still get the name of the actual server it was sent from. (IP)

Just block e-mail from that server. (unless it's a huge one like Yahoo or MSN...)
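
Added example, not part of the thread: a Python sketch of the header check the last few posts argue about. It ignores the forged From line and reads the connecting IP from the Received line stamped by the recipient's own mail server, then checks that IP against shared relay ranges before treating it as a block candidate. The message, hostnames, IPs, `TRUSTED_MX` and `SHARED_RELAYS` are all constructed assumptions.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample: the From line is forged; only the top Received line was
# written by the recipient's own server (documentation-range IPs throughout).
RAW = """\
Received: from smtp.example.org (dialup-17.isp.example [203.0.113.17])
\tby mx.recipient.example with SMTP id abc123;
\tFri, 5 Jul 2002 16:58:03 -0700
Received: from mail.example.org ([192.0.2.55]) by smtp.example.org;
\tFri, 5 Jul 2002 16:57:00 -0700
From: "A Friend" <friend@example.org>
To: admin@recipient.example
Subject: constructed sample

body
"""

TRUSTED_MX = {"mx.recipient.example"}                      # assumption: hosts you run
SHARED_RELAYS = [ipaddress.ip_network("198.51.100.0/24")]  # assumption: large providers
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

def trusted_origin(raw, trusted=TRUSTED_MX):
    """Return the hop recorded by a server we operate, or None."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = msg.get_all("Received", [])          # newest hop first
    for index, value in enumerate(hops):
        m = HOP_RE.search(str(value))
        if m and m["by"].lower() in trusted:
            return {
                "connecting_ip": m["ip"],       # observed by our server, not sender-supplied
                "reverse_dns": m["rdns"] or None,
                "helo": m["helo"],              # sender-supplied, informational only
                "claimed_from": msg["From"].addresses[0].addr_spec,
                "unverified_hops": len(hops) - index - 1,  # older lines may be forged
            }
    return None  # nothing in the headers was stamped by a trusted server

def block_candidate(hop, shared=SHARED_RELAYS):
    """True if the connecting IP is not inside a shared relay range."""
    ip = ipaddress.ip_address(hop["connecting_ip"])
    return not any(ip in net for net in shared)
```

Received lines below the trusted hop are written by the sending side and can be forged just like From, which is why only the first trusted hop is reported.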


Posted: Sat Jul 06, 2002 1:59 am
Site Admin

Joined: Sun Jun 02, 2002 8:01 pm
Posts: 1473
Location: CO, USA
You just have to get the last word on this, don't you?
*ZZZZAP*
:P

-Ryandor


Posted: Sun Jul 07, 2002 1:23 am
Arbiter

Joined: Mon Jun 10, 2002 12:50 am
Posts: 11
Hello and welcome to 10 hours of virus cleaning of this one virus. My school got it and is on a fiber optics network with our elementary. Our principal's computer got it and within 20 mins we had 42 infected computers. This virus will follow your virus scanner around. If you have more than one computer on a network you must unplug all the computers from the network and then run the scan, reboot and then clean the rest. Once all are done you should not be re-infecting each other. Every time your computer reboots it sends it out on every connection you have. I got it on my PALM PILOT! It hooked up to one of the files I was installing. Had to wipe my Palm's memory. So like ya.

Chow
Tyr


Posted: Sun Jul 07, 2002 8:42 am
Peanut Gallery

Joined: Sun Jun 02, 2002 8:53 pm
Posts: 1864
Location: Hayward, CA
You really need to get a better network system then, it shouldn't be sharing files like that or allowing unauthorized access to other computers' software.

Anyway, I don't understand how it could "follow your scanner" around unless your virus scanner is on a floppy? If so, duh :-P

If it's on a CD-ROM, there's pretty much no possible way you could get it infected (and thus spread it via the scanner)... well, it's possible, but you would have to try hard to manage this.

Overall though, tell your school to get better network software and don't allow one computer to alter or run programs on another computer in the network, there's no real need for that.

