BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Klez Virus (was RE: BLU server and spam))

Subject: Klez Virus (was RE: BLU server and spam))
From: bill at horne.net (Bill Horne)
Date: Fri, 24 May 2002 09:50:35 -0400

Because Klez tries to infect target machines by using the IE 5x malformed 
MIME bug, it's attachments don't show up in my version of Netscape. 
Paradoxically, this malformed header ALSO prevents Norton AV from 
recognizing that the file contains the virus!

I had to change the content-type in the email before Norton tripped, which 
I consider a lapse in Norton's detection mechanism.

Bill

-----Original Message-----
From:	Derek Atkins [SMTP:warlord at MIT.EDU]
Sent:	Thursday, May 23, 2002 4:35 PM
To:	John Abreau
Cc:	discuss at blu.org
Subject:	Re: BLU server and spam

Klez usually sends mail in html with a real file and then the virus
attached.  Generally it appears to be 1500+ lines of mail.  I was up
to about 50 Klez messages a day!  Once a Klez-filter was put in place,
I'm down to about 15 spam messages per day.  Not too bad, IMHO.

-derek

John Abreau <jabr at blu.org> writes:

> Derek Atkins <warlord at MIT.EDU> writes:
>
> > Klez?  The email virus that's been going around?
>
> I just looked it up on google. Yet another Windows virus, I see. I did
> notice a few messages that began with "TVqQAAMAAAAEAAAA"; is that Klez?
> However, most of the messages I referred to as spam were html payloads
> with subject lines about hot asian babes or penis enlargers or saving
> money on mortgages. I have exmh configured to defer rendering html, and
> I usually just delete them.
>
>
> --
> John Abreau / Executive Director, Boston Linux & Unix
> ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
> Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
> PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
>
> "The early bird catches the worm, but the second mouse gets the cheese."
>
>

--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available
_______________________________________________
Discuss mailing list
Discuss at blu.org
http://www.blu.org/mailman/listinfo/discuss

Follow-Ups:
- Klez Virus (was RE: BLU server and spam))
  - From: gaf at blu.org (Jerry Feldman)

Prev by Date: Linux used in visualization
Next by Date: Klez (was RE: BLU server and spam)
Previous by thread: Linux used in visualization
Next by thread: Klez Virus (was RE: BLU server and spam))
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org