MI-CCGS-L ArchivesArchiver > MI-CCGS > 2002-06 > 1023588949
From: "Bob and Bobby" <>
Subject: [MI-CCGS-L] Re: Virus
Date: Sat, 8 Jun 2002 22:15:49 -0400
A very good evening to all.
I just ran into this article about a very pesky virus that is causing headaches for a lot of folks. Personally, I have been out on several cases of the K L E Z virus in the last few days, so it is really going crazy, spreading like wild fire. The enlosed article describes how you might get infected (if you don't have an up-dated anti-virus application running) by an innocent looking e-mail.
K L E Z can be easy to get rid of, or it can be VERY difficult to get rid of. There are several variations of this virus and I've worked on at least three variations in the past several days. If you are not protected with some form of anti-virus program, you will PROBABLY get whacked by this bug. One way that will tell you for sure that you have this bug is that you will start receiving a lot of "undeliverable" mail, some from addresses that you will be sure that you did not send mail to. I've seen one system that was receiving as many as 40 returned e-mails every 3 or 4 hours. None of them made any sense, but the virus was mass producing e-mails and sending it to any address that it couls locate. many of the recipients had anti-virus protection which refused the e-mail and created a "return as undeliverable". The best advice that anyone can give you is BE VERY CAREFUL and if you do get hooked, get it cleaned off as soon as possible.
K L E Z Gets Worse And Worse
K l e z and its cousin worms, in epidemic distribution, still are causing huge hassles for millions of users. The worms can propagate by copying snippets of valid emails and inserting valid (but stolen) email addresses into the "from" line. Thus, you can get infected emails that look legitimate, but that come from people you never heard of.
Or--- even more alarmingly--- people you never heard of may get worm-infected emails that appear to have come *from you.* If an innocent and uninfected email from you happens to reside on someone else's infected system, the worm may use *your name* and even part of your innocent email, and send it to someone else along with an infected payload.
The risk of this happening is directly proportional to how many emails you've sent out: The more you've sent, the more likely your name and email will reside on someone else's infected computer, where it can be hijacked by the worm for its own purposes.