Re: "Visibility" and "A special funny game"
The previous two emails with these subject lines were generated by a
worm/virus, probably a Klez variant. The From: lines attributing them to
Adam are incorrect and were forged by the worm. Thanks to MIMEDefang and
whoever installed it, the worm itself was not transmitted to the list.

By examining the Received: lines in the headers, I can see that the
messages actually originated from a Level 3 dialup account in Manchester
(MA? NH?), near Boston, Massachusetts, US, using the main Earthlink mail
servers as their SMTP host.

If you're running Windows and the Manchester dialup location matches yours,
please use antivirus software to check your computer for the worm.

Here are two antivirus tools which you may find useful. I have not tried
either; use them at your own risk.
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html
http://housecall.antivirus.com/

You should also update Internet Explorer (part of which is used by mail
programs to display email, which is how the worm gets itself executed) from
this page:
http://www.microsoft.com/windows/ie/downloads/critical/Q321232/ (May 15)

More about Klez:
http://www.wired.com/news/technology/0,1282,52174,00.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99455
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.A
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.B
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.C
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.D
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.E
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.F
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.G
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.I
http://www.sophos.com/virusinfo/analyses/w32klez.html
http://www.sophos.com/virusinfo/analyses/w32klezb.html
http://www.sophos.com/virusinfo/analyses/w32klezc.html
http://www.sophos.com/virusinfo/analyses/w32klezd.html
http://www.sophos.com/virusinfo/analyses/w32kleze.html
http://www.sophos.com/virusinfo/analyses/w32klezf.html
http://www.sophos.com/virusinfo/analyses/w32klezg.html
http://www.sophos.com/virusinfo/analyses/w32klezh.html
(This message is released for use, redistribution, or modification under
the OpenContent License <http://opencontent.org/opl.shtml>. In plain
English, the license relieves the author of any liability or implication of
warranty, grants others permission to use the Content in whole or in part,
and ensures that the original author will be properly credited when the
Content is used. It also grants others permission to modify and
redistribute the Content if they clearly mark what changes have been made,
when they were made, and who made them. Finally, the license ensures that
if someone else bases a work on OpenContent, the resultant work will be
made available as OpenContent as well. Please send me comments,
suggestions or edits. Thanks!)
--
Peter Kaminski
http://www.istori.com/peterkaminski/
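
The Received: trace described in the message above, as an added example that is not part of the original post. It walks the Received: chain from the newest hop down and stops at the first line not written by a relay the reader trusts; the sample message, hostnames and addresses are constructed placeholders, and `trace_origin`, `HOP` and the trusted-relay set are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: forged From:, two Received: hops (placeholder hosts and IPs).
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby lists.example.org with ESMTP id AAA111; Mon, 20 May 2002 10:00:05 +0000
Received: from desktop (dialup-42.pool.carrier.example [192.0.2.42])
\tby relay.isp.example with SMTP id BBB222; Mon, 20 May 2002 10:00:01 +0000
From: Adam <adam@friend.example>
To: list@lists.example.org
Subject: A special funny game

body
"""

# "from HELO (reverse-dns [ip]) ... by RECEIVING-HOST", the common Received: layout.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def trace_origin(raw, trusted):
    """Return (From: domain, deepest hop recorded by a trusted relay, mismatch flag)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    origin = None
    for value in msg.get_all("Received", []):      # headers are stored newest hop first
        m = HOP.search(value)
        if not m or m["by"].lower() not in trusted:
            break                                  # below this point the sender could have written the line
        origin = m.groupdict()
    # A mismatch is not proof of forgery; it only shows that From: says nothing
    # about where the message entered the mail system.
    rdns = (origin["rdns"] or "").lower() if origin else ""
    mismatch = bool(origin and from_domain) and not rdns.endswith(from_domain)
    return from_domain, origin, mismatch

if __name__ == "__main__":
    domain, hop, mismatch = trace_origin(SAMPLE, {"lists.example.org", "relay.isp.example"})
    print("From: domain  :", domain)
    print("entered mail at:", hop["by"], "from", hop["rdns"], hop["ip"])
    print("From: unrelated to origin:", mismatch)
```

Only the connecting IP and reverse DNS written by a trusted relay are evidence; the HELO name (`desktop` here) and any Received: lines below the last trusted hop are supplied by the sender.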