Klez.E Anti-Virus-Virus
Results 1 to 7 of 7

Thread: Klez.E Anti-Virus-Virus

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    831

    Klez.E Anti-Virus-Virus

    Ohhh, lucky me.. someone thinks I'm special enough to share this free tool with... don't I feel special.... now, if only I knew who you were, I might have paused 2 seconds before deleting it....

    Received: from hoorn.tcc.to (mail.kalinet.to [207.124.73.129]) by <removed> with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
    id LXF26PJK; Thu, 6 Jun 2002 05:56:20 +1000
    Received: from Bzxvfrpjj (dialup30 [209.58.72.161])
    by hoorn.tcc.to (8.11.6/8.11.6) with SMTP id g55JjBH31775
    for <removed>; Thu, 6 Jun 2002 08:45:11 +1300
    Date: Thu, 6 Jun 2002 08:45:11 +1300
    Message-Id: <200206051945.g55JjBH31775@hoorn.tcc.to>
    From: tafolo <tafolo@kalianet.to>
    To: <removed>
    Subject: Worm Klez.E immunity
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary=Zi50fb3wZ99ox7qy5by

    --Zi50fb3wZ99ox7qy5by
    Content-Type: text/html;
    Content-Transfer-Encoding: quoted-printable

    --Zi50fb3wZ99ox7qy5by
    Content-Type: application/octet-stream;
    name=AND.scr
    Content-Transfer-Encoding: base64
    Content-ID: <U38tyoHT03>

    --Zi50fb3wZ99ox7qy5by

    --Zi50fb3wZ99ox7qy5by
    Content-Type: application/octet-stream;
    name=button-arrow-back[1].jpg
    Content-Transfer-Encoding: base64
    Content-ID: <U38tyoHT03>

    --Zi50fb3wZ99ox7qy5by--



    Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
    Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
    We developed this free immunity tool to defeat the malicious virus.
    You only need to run this tool once,and then Klez will never come into your PC.
    NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
    If so,Ignore the warning,and select 'continue'.
    If you have any question,please mail to me.
    Tricky, eh?
    All these little tricks the kiddies have.... your constantly under attack... with nerf guns, but still its an attack....

    You might want to warn your users, or block this email, using the header information I provided (I'm pretty sure there's enough there to do it)...

    If the person had been a little more careful (with their wording), and faked the sender address, this could fool quite a lot of people... yes, stupid people are people too..
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"

  2. #2
    NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
    If so,Ignore the warning,and select 'continue'.
    If you have any question,please mail to me.


    LOL....


    On a side note, what the hell does sOnIc have against beer!? Is there nothing sacred anymore?

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    here.. let a little social engineering help make the medicine go down.. hehe

  4. #4
    Member
    Join Date
    May 2002
    Posts
    31
    Hey, I've been reciving that email for about a month now...been deleting it every time...it didnt work when i tried to block the address :/


    By the way what did u do to get so much info on that email...would be useful if i knew how to do that...
    [shadow] The Reflection Of A Pool Does Not Reveal Its Depth[/shadow] [blur]-Anonymous[/blur]

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    262
    If you want to see addresses just change your settings for email they are in the options. Good post Matty nice to see your still on the ball and not under the table.
    No good deed goes unpunished.

  6. #6
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    MC> There is a version just like this that comes from one of the users in the senders address book. The reason you didn't know the sender is that the address was faked out of the senders outlook address book.

    ie If I sent you the message, it might come from Errata, because her email is in my address book. If you didn't know her, thats one thing, but if you do, you may be more likely to open it...trust me some idiot on my network opened it (ok 2 idiots did).

    Code:
    Received: from hoorn.tcc.to (mail.kalinet.to [207.124.73.129]) by <removed> with SMTP
    Common, put the removed part back. Please?????? Especially with the Microsoft Exchange Server :P

    Oh well, guess not
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  7. #7
    Member
    Join Date
    May 2002
    Posts
    31
    I got this msg in my email toady...im starting to get PO:W32.Klez.E is a special dangerous virus that spread through email.
    Kaspersky give you the special W32.Klez.E removal tools

    For more information,please visit http://www.Kaspersky.com (also an attachment)

    heres a bit of more info on this msg if anyone can do something about who ever this is plz tell me....Return-Path: <jpciccone@monad.net>(i think this is faked)
    Received: from thresher.prexar.com ([192.168.121.25]) by mta1.prexar.com
    (InterMail vK.4.03.05.03 201-232-132-103 license 825bd1c9497ec8feaf544f28fddada32)
    with ESMTP id <20020606034624.VFNQ7348.mta1@thresher.prexar.com>
    for <removed>; Wed, 5 Jun 2002 23:46:24 -0400
    Received: from thresher (localhost [127.0.0.1])
    by thresher.prexar.com (Switch-2.2.2/Switch-2.2.0) with ESMTP id g563e1618649
    for <removed>; Wed, 5 Jun 2002 23:40:01 -0400 (EDT)
    Received: from Fqprbnt (arc3-55.keene.monad.net [206.231.110.55])
    by smtp.mcttelecom.com (8.10.0/Nope) with SMTP id g563ZKP25078
    for <removed>; Wed, 5 Jun 2002 23:35:21 -0400 (EDT)
    Date: Wed, 5 Jun 2002 23:35:21 -0400 (EDT)
    Message-Id: <200206060335.g563ZKP25078@smtp.mcttelecom.com>
    From: MSMalnati <MSMalnati@yahoo.com>
    To: removed
    Subject: W32.Klez.E removal tools
    MIME-Version: 1.0
    X-BLTSYMAVREINSERT: vZHD2WT+ozwS3YuAbBvDgv9XwWQA
    Content-Type: multipart/alternative;
    boundary=VS046Wh82vl9I724n77892m
    [shadow] The Reflection Of A Pool Does Not Reveal Its Depth[/shadow] [blur]-Anonymous[/blur]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides