
Re: [FW-1] Help - malicious email - New W32/Klez variants !!!



 New W32/Klez variants!!!


New variants of W32/Klez, variously referred to as G, H, K, have been
spreading at a slow but steady rate since first detected in the early
hours yesterday.  The worm is still making progress and may corrupt files.

The Subject of the predominant variant has been changed to include one
of the following semi-random strings:

           Undeliverable mail--"[Random word]"
           Returned mail--"[Random word]"
           a [Random word] [Random word] game
           a [Random word] [Random word] tool
           a [Random word] [Random word] website
           a [Random word] [Random word] patch
           [Random word] removal tools

or the following fixed strings:

           how are you
           let's be friends
           darling
           so cool a flash,enjoy it
           your password
           honey
           some questions
           please try again
           welcome to my hometown
           the Garden of Eden
           introduction on ADSL
           meeting notice
           questionnaire
           congratulations
           sos!
           japanese girl VS playboy
           look,my beautiful girl friend
           eager to see you
           spice girls' vocal concert
           japanese lass'  pictures

Consequently, little can be hooked by lexical analysis.  However, as a
long shot, a few of these may be added to worm.txt without too great a
risk of false positive results.

Attachment names and message body text are random.

Several anti-virus vendors detect the variant without the need for new
signature updates. However, we suggest that you check the capabilities
of your vendor and apply updates if necessary.

Links:
http://www.sophos.com/virusinfo/articles/klezh.html
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]ml
http://www.f-secure.com/v-descs/klez_h.shtml
http://www.kaspersky.com/news.html?id=560839
http://www.viruslist.com/eng/viruslist.html?id=4292
http://vil.nai.com/vil/content/v_99455.htm
http://www.norman.no/virus_info/w32_klez_g_mm.shtml
http://antivirus.about.com/library/weekly/aa041702a.htm
http://www.messagelabs.com/viruseye/threatlist.asp







Fang Jin <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]point.com>
04/18/2002 03:50 PM
Please respond to Mailing list for discussion of Firewall-1

To:      [email protected]
cc:
Subject: [FW-1] Help - malicious email






Hello,

We have received claims from other companies saying our staff is sending
bulk mails to them.
After investigation, we found the mail did not originate from our mail
server; our staff did not send such mail. Someone else in another bulk-mail
domain sent out the mail with our company email address.

e.g. Other company staff received an email
sender: [email protected],
recipient: [email protected],

But aaa did not send out that mail. We noticed that the mail originator is
[email protected] instead of
[email protected]

What are the ways to stop such prank?
Thanks in advance.

Jin

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
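
An added example, not part of the original posts: a Python sketch of the lexical check the advisory discusses, matching a Subject value against the listed fixed strings and semi-random templates. The function names and sample subjects are constructed here, and `\w+` is an assumed stand-in for "[Random word]"; the comparison with a substring match shows where the false-positive risk comes from.

```python
import re

# Fixed subject strings listed in the advisory above (whole-subject match).
FIXED_SUBJECTS = {
    "how are you", "let's be friends", "darling", "so cool a flash,enjoy it",
    "your password", "honey", "some questions", "please try again",
    "welcome to my hometown", "the garden of eden", "introduction on adsl",
    "meeting notice", "questionnaire", "congratulations", "sos!",
    "japanese girl vs playboy", "look,my beautiful girl friend",
    "eager to see you", "spice girls' vocal concert", "japanese lass' pictures",
}

# Semi-random templates from the advisory; \w+ stands in for "[Random word]".
TEMPLATES = [
    re.compile(r'^(undeliverable|returned) mail--"?\w+"?$'),
    re.compile(r"^a \w+ \w+ (game|tool|website|patch)$"),
    re.compile(r"^\w+ removal tools$"),
]

def normalize(subject):
    """Lower-case and collapse whitespace so spacing variants compare equal."""
    return " ".join(subject.lower().split())

def classify(subject):
    """Return 'fixed', 'template' or None for a Subject header value."""
    s = normalize(subject)
    if s in FIXED_SUBJECTS:
        return "fixed"
    if any(t.match(s) for t in TEMPLATES):
        return "template"
    return None

def substring_hit(subject):
    """Naive alternative: flag if any fixed string occurs anywhere."""
    s = normalize(subject)
    return any(f in s for f in FIXED_SUBJECTS)

# Constructed sample subjects (not taken from real traffic).
SAMPLES = [
    'Undeliverable mail--"header"',
    "A very  funny game",
    "Klez removal tools",
    "japanese lass'  pictures",
    "Reminder: team meeting notice for Friday",
]

if __name__ == "__main__":
    for subj in SAMPLES:
        print(f"{subj!r:45} whole={classify(subj)} substring={substring_hit(subj)}")
```

The last sample is ordinary business mail: the whole-subject match leaves it alone, while the substring match flags it because it contains "meeting notice".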




 
   All contents © 2004 Network Presence, LLC. All rights reserved.