Klez in Network
Results 1 to 4 of 4

Thread: Klez in Network

  1. #1
    Junior Member
    Join Date
    Aug 2002
    Posts
    10

    Unhappy Klez in Network

    I have recently been clobbered by the Klez Virus all over my network. Fortunately I had proper virus protection on all my machines but other agencies share the network on their own domains. Can a virus jump domains in the same network if there is no trust relationship between them?

  2. #2

    Smile Klez

    Klez can travel over network shares to other machines. Now, it is possible to map a drive to a remote Windows box witout there being a Trust between the domain the mapping machine is in and the domain the destination machine is in. You can just provide the user credentials when you map the drive.
    And the Klez worm can travel over these mapping and deposit itself!
    The best way to check which machines you are mapped to is to do a NET USE from the Command Prompt. That will list all mapped drives AND IPC$ the machine has authenticated to. I "think" that Klez can go over the IPC$ authentication also, but don't quote me on that.

    It really is like a spiderweb the way neworking connections can be in regards to Klez. It can bounce from machine to machine over forgotten drive mappings, and you are standing around wondering how it got around.

    Read more about Klez here: SARC write-up on Klez

    Good luck.

  3. #3
    I "think" that Klez can go over the IPC$ authentication also, but don't quote me on that.
    Irony?

    Klez definately does go across IPC$. Either that or it just materialized onto my computer from the firey depths of virus hell.
    Hic ego barbarus, sum quillo non intelligor illis.
    Because they do not understand me, I am a barbarian.

  4. #4
    Member
    Join Date
    Aug 2002
    Posts
    58

    klez what?

    theres like 6 or 7 types of klez, i think you should find out which one it is and do some looking up on it and see what it attacks and how. i had klez.i for a while,thats what got me looking into Av's more as most that i tried could'nt remove it.

    IMPORTANT:

    BE VERY SURE THAT IT IS GONE BECAUSE A TRADE MARK OF klez IS TO COPY ITS SELF AND HIDE.
    MANY OF MY av'S THAT I TRIED OUT SAID THE CLEANED IT BUT IT KEEP REAPPEARING.
    hope this helped.
    [gloworange]The Enemy Is Ignorance[/gloworange]

    http://www.antionline.com/sig.php?id=194

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides