Re: [FW-1] Help - malicious email - New W32/Klez variants !!!
New W32/Klez variants!!!

New variants of W32/Klez, variously referred to as G, H, K, have been spreading at a slow but steady rate since first detected in the early hours yesterday. The worm is still making progress and may corrupt files.

The Subject of the predominant variant has been changed to include one of the following semi-random strings:

    Undeliverable mail--"[Random word]"
    Returned mail--"[Random word]"
    a [Random word] [Random word] game
    a [Random word] [Random word] tool
    a [Random word] [Random word] website
    a [Random word] [Random word] patch
    [Random word] removal tools

or the following fixed strings:

    how are you
    let's be friends
    darling
    so cool a flash,enjoy it
    your password
    honey
    some questions
    please try again
    welcome to my hometown
    the Garden of Eden
    introduction on ADSL
    meeting notice
    questionnaire
    congratulations
    sos!
    japanese girl VS playboy
    look,my beautiful girl friend
    eager to see you
    spice girls' vocal concert
    japanese lass' pictures

Consequently, little can be hooked by lexical analysis. However, as a long shot, a few of these may be added to worm.txt without too great a risk of false positive results. Attachment names and message body text are random.

Several anti-virus vendors detect the variant without the need for new signature updates. However, we suggest that you check the capabilities of your vendor and apply updates if necessary.
Links:

    http://www.sophos.com/virusinfo/articles/klezh.html
    http://securityresponse.symantec.com/avcenter/venc/data/[email protected] ml
    http://www.f-secure.com/v-descs/klez_h.shtml
    http://www.kaspersky.com/news.html?id=560839
    http://www.viruslist.com/eng/viruslist.html?id=4292
    http://vil.nai.com/vil/content/v_99455.htm
    http://www.norman.no/virus_info/w32_klez_g_mm.shtml
    http://antivirus.about.com/library/weekly/aa041702a.htm
    http://www.messagelabs.com/viruseye/threatlist.asp

Fang Jin <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected] point.com>
04/18/2002 03:50 PM
Please respond to Mailing list for discussion of Firewall-1

To: [email protected]
cc:
Subject: [FW-1] Help - malicious email

Hello,

We have received claims from other companies saying our staff is sending bulk mails to them. After investigation, we found the mail did not originate from our mail server; our staff did not send such mail. Someone else in another bulk mail domain sent out the mail with our company email address.

e.g. Other company staff received an email with sender: [email protected], recipient: [email protected], but aaa did not send out that mail. We noticed that the mail originator is [email protected] instead of [email protected]

What are the ways to stop such a prank?

Thanks in advance.
Jin

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
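
The reply above notes that only a few of the listed subjects can be filtered on without false positives. The following is an added example, not part of the original messages and not the worm.txt format: it checks each listed subject pattern against a sample of known-good subjects before a rule is adopted. It assumes "[Random word]" is a single whitespace-free token; the `KNOWN_GOOD` sample and all function names are constructed for illustration.

```python
import re

WORD = r"\S+"  # assumption: "[Random word]" is one whitespace-free token

# Subject templates and fixed strings as listed in the message above.
TEMPLATES = {
    'Undeliverable/Returned mail--"[Random word]"':
        rf'(?:Undeliverable|Returned) mail--"{WORD}"',
    "a [Random word] [Random word] game/tool/website/patch":
        rf"a {WORD} {WORD} (?:game|tool|website|patch)",
    "[Random word] removal tools": rf"{WORD} removal tools",
}
FIXED = [
    "how are you", "let's be friends", "darling", "so cool a flash,enjoy it",
    "your password", "honey", "some questions", "please try again",
    "welcome to my hometown", "the Garden of Eden", "introduction on ADSL",
    "meeting notice", "questionnaire", "congratulations", "sos!",
    "japanese girl VS playboy", "look,my beautiful girl friend",
    "eager to see you", "spice girls' vocal concert", "japanese lass' pictures",
]

# One compiled, case-insensitive rule per template and per fixed string.
RULES = {name: re.compile(pat, re.I) for name, pat in TEMPLATES.items()}
RULES.update({s: re.compile(re.escape(s), re.I) for s in FIXED})

def matches(subject):
    """Names of all rules that match the whole whitespace-normalised subject."""
    s = " ".join(subject.split())
    return [name for name, rx in RULES.items() if rx.fullmatch(s)]

def low_risk_rules(known_good_subjects):
    """Rules that hit none of the site's known-good subjects."""
    noisy = {name for s in known_good_subjects for name in matches(s)}
    return [name for name in RULES if name not in noisy]

# Constructed sample of legitimate subjects (not real mail).
KNOWN_GOOD = ["Meeting notice", "Questionnaire", "Your password",
              "Congratulations", "a new firewall patch", "Budget review Q2"]

if __name__ == "__main__":
    for name in low_risk_rules(KNOWN_GOOD):
        print(name)
```

Run against a site's own archive of legitimate subjects, the rules that survive are the candidates for a subject filter; the rest would block ordinary mail.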