Digital BW, The Print

Martin,

I too have been recipient of emails from someone with Klez. The important
point to note is that, whilst the email may appear to come from different
users in e.g. Outlook list-view, the _actual_ original sender can often be
seen inside the Header of the email. In outlook, you can right-click on an
email (in list mode) and view 'Options...'.

The sting in the tail for me was that whilst I received empty emails,
someone else always received an email _purporting_ to be from me, but with
the virus attached. Again, viewing the email header showed the real source
of the email.

There is also often a subtle difference in the way that users are identified
in such emails - often being seen as their email address, rather than e.g.
their 'name' like Nij in my case.

SO... please to all, don't rush to blame on such an issue, as the virus does
like to cause that :(  However, do notify the 'apparent' sender, and also
the actual originator. If it turns out you are the originator, download some
fixes from the internet (ideally on a clean PC) and disconnect from the
internet until you have cleaned all your machines of the virus. That means
disconnect your modem, ADSL cable, whatever. There is NO reason why you
can't clear this worm in one day flat and without infecting a single other
person... though it would really help if people would apply security patches
etc to Outlook / Internet Explorer etc that prevented auto-runnign scripts
and so on.

Best regards,
nij



> -----Original Message-----
> From: Martin Wesley [mailto:mwesley250@...]
> Sent: 05 June 2002 05:56
> To: DigitalBlackandWhiteThePrint@yahoogroups.com
> Subject: [Digital BW] Virus/Worm Caution
>
>
> All,
>
> For the last several days I have received 2 or 3 e-mail every
> evening containing a worm virus known as W32.Klez.H@mm. Each
> night it is from a different e-mail address. The e-mails are
> addressed to my two personal addresses and to me as list owner of
> this group. So I suspect that some group member or former group
> member's computer is infected with this worm virus.
>
> (The virus is not coming in with messages from the list. Yahoo
> has antivirus software in place to block that.)
>
> You can read all about this virus at:
>
> http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@...
>
> The damage it causes in rated as moderate but it is difficult to
> remove if your computer becomes infected. It is one of those
> worms that resides on your computer, searches for e-mail
> addresses and then does mass mailings to those addresses using
> randomly selected files from your computer for the text, itself
> as an automatically executing attachment, and a randomly selected
> e-mail address from your computer as the sender. At this point it
> is a nuisance as my Norton Anti-virus cannot do a repair but can
> only quarantine the file so I have to delete it manually.
>
> So everyone please take this as a reminder to use antivirus
> software, keep it turned on and keep your virus definition files
> updated regularly. All of us who are very active on the Internet
> need to protect ourselves and our friends.
>
> Thanks,
> Martin Wesley
> http://www.borderless-photos.de/guests.html
>