[Sca-cooks] Fw: Warning ... Virus problem....

Phlip phlip at 99main.com
Fri Nov 29 08:58:07 PST 2002 

Sorry for the bandwidth, folks, but I think someone on Cook's List has Klez.

I got the following message from Vincenzo today. Considering that I haven't
had the bright.net addy for about 3 years, and it has never been on this HD,
it means that someone who has been on Cook's List all that time likely is
infected.

In addition to all the information Vincenzo has provided below, please check
the following:

You use Outlook Express or Outlook for your mail.

You have been on Cook's List for several years.

You have, phlip at bright.net in your address book.

And, you may have communicated privately with either or both of us.

If most of these conditions hold true, please follow his instructions to
clean up your computer. Although I'm very sure it's not in my system, I'll
be doing it myself, on general principles.

Ene bichizh ogsen baina shuu...

> Phlip,
>
> I got a message tonight that carried the Klez virus
> (W32.Klez.H at mm).  This is a virus that forges the
> eMail headers to disguise the actual identity of the
> originating PC.
>
> The return address was phlip at bright.net and the
> headers indicate that the message came from
> smtp.prodigy.net.mx , I don't know how to tell which
> of the headers are forged.
>
> That is, the message coould have originated on a PC
> other than yours, but with headers forged to appear as
> though your PC sent the message.
>
> If the Klez virus is not present on your PC, it would
> have to be present on a PC with both my eMail address
> (mdiehl at nac.net) and your address (as phlip at bright.net).
>
> We should try to find out who that might be so that
> he can run the Klex removal tool.
>
> Please be sure you have the latest virus signatures
> and run a full scan on your PC.
>
> Here are some references ...
>
> http://antivirus.about.com/library/blklez.htm
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html
>
> Quoting from the Norton page,
>
> If the message is opened in an unpatched version
> of Microsoft Outlook or Outlook Express, the
> attachment may be automatically executed.
> Information about this vulnerability and a patch
> are available at
>
> http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
>
> Please let me know if you can or cannot take care of this.
>
> --
> Martin G. Diehl



Phlip

 If it walks like a duck, and quacks like a duck, it is probably not a
cat.

Never a horse that cain't be rode,
And never a rider who cain't be throwed....

More information about the Sca-cooks mailing list