August 28th, 2002 12:08 AM
Klez in Network
I have recently been clobbered by the Klez Virus all over my network. Fortunately I had proper virus protection on all my machines but other agencies share the network on their own domains. Can a virus jump domains in the same network if there is no trust relationship between them?
August 28th, 2002 02:30 AM
Klez can travel over network shares to other machines. Now, it is possible to map a drive to a remote Windows box without there being a Trust between the domain the mapping machine is in and the domain the destination machine is in. You can just provide the user credentials when you map the drive.
And the Klez worm can travel over these mappings and deposit itself!
The best way to check which machines you are mapped to is to do a NET USE from the Command Prompt. That will list all mapped drives AND IPC$ the machine has authenticated to. I "think" that Klez can go over the IPC$ authentication also, but don't quote me on that.
It really is like a spiderweb the way networking connections can be in regards to Klez. It can bounce from machine to machine over forgotten drive mappings, and you are standing around wondering how it got around.
Read more about Klez here: SARC write-up on Klez
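An added example, not part of the original thread: a small Python parser for the NET USE output suggested in the post above, which groups connections by remote host and notes IPC$ sessions and mappings whose status is not OK. The sample output, including its host and share names, is constructed for illustration.

```python
import re

# Constructed sample of `net use` output; host and share names are made up.
SAMPLE = r"""New connections will be remembered.

Status       Local     Remote                    Network

-------------------------------------------------------------------------------
OK           F:        \\FILESRV01\public        Microsoft Windows Network
Disconnected G:        \\AGENCY2-PC7\shared      Microsoft Windows Network
OK                     \\AGENCY2-DC\IPC$         Microsoft Windows Network
Unavailable  H:        \\FILESRV01\archive docs
                                                 Microsoft Windows Network
The command completed successfully.
"""

# Optional status word, optional drive letter, then \\host\share.
ROW = re.compile(r"^(?P<status>[A-Za-z]+)?\s*(?P<local>[A-Za-z]:)?\s*"
                 r"\\\\(?P<host>[^\\\s]+)\\(?P<share>.+?)(?:\s{2,}.*)?\s*$")

def parse_net_use(text):
    """Return one dict per connection row; headers and wrapped lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"status": m["status"] or "", "local": m["local"] or "",
                         "host": m["host"].upper(), "share": m["share"]})
    return rows

def review(rows):
    """Group connections by remote host, with notes on the ones to look at."""
    by_host = {}
    for r in rows:
        notes = []
        if r["share"].upper() == "IPC$":
            notes.append("IPC$ session, no drive letter")
        elif not r["local"]:
            notes.append("share connected without a drive letter")
        if r["status"] != "OK":
            notes.append("status: " + (r["status"] or "blank"))
        by_host.setdefault(r["host"], []).append((r["local"] or "-", r["share"], notes))
    return by_host

if __name__ == "__main__":
    for host, conns in sorted(review(parse_net_use(SAMPLE)).items()):
        for local, share, notes in conns:
            print(f"{host:12} {local:2} {share:14} {'; '.join(notes)}")
```

On a live machine the same functions can be fed the captured text of `net use` instead of the sample.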
August 28th, 2002 04:29 AM
I "think" that Klez can go over the IPC$ authentication also, but don't quote me on that.
Klez definitely does go across IPC$. Either that or it just materialized onto my computer from the fiery depths of virus hell.
Hic ego barbarus, sum quillo non intelligor illis.
Because they do not understand me, I am a barbarian.
August 29th, 2002 11:36 PM
There's like 6 or 7 types of klez. I think you should find out which one it is and do some looking up on it and see what it attacks and how. I had klez.i for a while, that's what got me looking into AVs more, as most that I tried couldn't remove it.
BE VERY SURE THAT IT IS GONE BECAUSE A TRADEMARK OF klez IS TO COPY ITSELF AND HIDE.
MANY OF MY AVs THAT I TRIED OUT SAID THEY CLEANED IT BUT IT KEPT REAPPEARING.
Hope this helped.