W32/Klez (again).

Thread: W32/Klez (again).

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    W32/Klez (again).

    W32/Klez, again.

    Source: "Threat Lab News"

    New variants of W32/Klez, variously referred to as G, H, K, have been spreading at a slow but steady rate since they were first detected in the early hours yesterday. The worm is still making progress and may corrupt files.

    The Subject of the predominant variant has been changed to include one of
    the following semi-random strings:

    Undeliverable mail--"[Random word]"
    Returned mail--"[Random word]"
    a [Random word] [Random word] game
    a [Random word] [Random word] tool
    a [Random word] [Random word] website
    a [Random word] [Random word] patch
    [Random word] removal tools

    or the following fixed strings:

    how are you
    let's be friends
    darling
    so cool a flash,enjoy it
    your password
    honey
    some questions
    please try again
    welcome to my hometown
    the Garden of Eden
    introduction on ADSL
    meeting notice
    questionnaire
    congratulations
    sos!
    japanese girl VS playboy
    look,my beautiful girl friend
    eager to see you
    spice girls' vocal concert
    japanese lass' sexy pictures

    Consequently, little can be hooked by lexical analysis. However, as a long shot, a few of these may be added to worm.txt without too great a risk of false positive results.

    Attachment names and message body text are random.

    Several anti-virus vendors detect the variant without the need for new signature updates. However, we suggest that you check the capabilities of your vendor and apply updates if necessary.

    Links:
    http://www.sophos.com/virusinfo/articles/klezh.html
    http://securityresponse.symantec.com...klez.h@mm.html
    http://www.f-secure.com/v-descs/klez_h.shtml
    http://www.kaspersky.com/news.html?id=560839
    http://www.viruslist.com/eng/viruslist.html?id=4292
    http://vil.nai.com/vil/content/v_99455.htm
    http://www.norman.no/virus_info/w32_klez_g_mm.shtml
    http://antivirus.about.com/library/weekly/aa041702a.htm
    http://www.messagelabs.com/viruseye/threatlist.asp
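
A subject-line matcher built from the lists quoted above, as an added example that is not part of the original post or of the Threat Lab advisory. It assumes "[Random word]" is a single run of ASCII letters, and the split of the fixed strings into "distinctive" and "common" is the example's own guess at false-positive risk; it does not reproduce the worm.txt format, which the post does not show.

```python
import re

# "[Random word]" is assumed here to be a single run of ASCII letters.
W = r"[a-z]+"

# Semi-random subject templates listed in the advisory.
TEMPLATES = {
    "bounce": re.compile(rf'^(undeliverable|returned) mail--"{W}"$'),
    "lure": re.compile(rf"^a {W} {W} (game|tool|website|patch)$"),
    "removal": re.compile(rf"^{W} removal tools$"),
}

# Fixed subjects from the advisory. The split into "distinctive" and "common"
# is this example's assumption about false-positive risk, not the advisory's.
DISTINCTIVE = {
    "so cool a flash,enjoy it", "welcome to my hometown", "the garden of eden",
    "introduction on adsl", "japanese girl vs playboy",
    "look,my beautiful girl friend", "spice girls' vocal concert",
    "japanese lass' sexy pictures",
}
COMMON = {
    "how are you", "let's be friends", "darling", "your password", "honey",
    "some questions", "please try again", "meeting notice", "questionnaire",
    "congratulations", "sos!", "eager to see you",
}

def normalize(subject):
    """Lowercase, collapse whitespace, and drop spaces around commas."""
    s = " ".join(subject.lower().split())
    return re.sub(r"\s*,\s*", ",", s)

def classify(subject):
    """Return (kind, detail) for a subject on the advisory's list, else None."""
    s = normalize(subject)
    for name, rx in TEMPLATES.items():
        if rx.match(s):
            return ("template", name)
    if s in DISTINCTIVE:
        return ("fixed", "distinctive")
    if s in COMMON:
        return ("fixed", "common")
    return None

if __name__ == "__main__":
    # Constructed sample subjects, not taken from real traffic.
    for subj in ['Returned mail--"kitchen"', "A very funny game",
                 "Meeting notice", "Quarterly budget review"]:
        print(f"{subj!r:32} -> {classify(subj)}")
```

A hit in the "common" group or on the "lure" template is weak evidence on its own, since ordinary mail uses the same wording; that is the false-positive risk the advisory refers to.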

  2. #2
    Senior Member
    Join Date
    Aug 2001
    Posts
    410
    Ok, now I'm starting to feel left out. No one emails me any viruses.
    Yet again I'm a misfit.
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    To protect my IE 5.5 sp1, I d/l & installed the latest virus definitions. M$ Sec. patch q290108 had been installed some time ago. I dunno what to do for IE 5.5 sp2 & IE 6.0 except to install the cumulative sec patch plus the latest virus definitions, and hope for the best.
