I just got an e-mail - Klev32 type from "Tuesday" a member here. Watch your virus scanners folkes. ~EA

Doesn't mean Tuesday is sending it. Klez picks an address at random from the infected book and signs everything from them. It's awful, I get tons of them, 8 to 20 a day, so far Norton has caught it everytime, I hope. I did a complete scan yesterday from two sources. This is a fairly old virus, most catchers should be up to date on it. Emily

I know queri, but this person doesn't have my e-mail address. So I am trying to get peoples attention. 'Cause someone isn't running a virus scanner.

Hope they listen. Wish there was a way to completely block these things, I'm getting tired of seeing the Yellow plague signs when Norton kills it. I was pretty sure you knew how that thing worked. But you never know. Emily

The few I've gotten lately have been really sick - they claim to be the Mailer Daemon from AOL and other sites. Of course, why a bounced back message would have a .scr file attached, I don't understand, but some people would think that they'd sent to an AOL member recently and open the file to try to remember what they'd sent.

We had this virus at work a month ago. It was fun watching the IT guy run around and try and contain it :)

I've gotten three or four of those Mailer Daemon ones-- I thought it was just more of the same. Thank god, Norton caught them. Some of this is just plain evil. I'd be sick if I had to reformat. Digging around to find all the plugin regs for PS alone would be exhausting. Emily

Same thing happened to me and I emailed all of my friends / associates. In mine, the headers look like this.... * The headers of the email will look similar to this: Wrom: OHMKHJYFMYXOEAIJJPHSCRTNHGSWZIDREXCA To: azlyrics@azlyrics.com Subject: Run in DOS mode. MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=Fceu3yE728Y6HtHirrJ816S0z0oKH X-Apparently-Wrom: XZOWCONEUQZAAFXISHJEXXIMQZ My friend Lady Aphoennix emailed me and told me I had emailed her a virus. I asked her to check her headers and it was just like the one above. Stenographics emailed me and said he received one like that too, and quite a few emails like that bounced back to me, so chances are Tuesday didn't send it, someone is probably using her address as a mask. Emily (Queri) is right. It picks a random address, which happened to me, oh the joy, and is emailing tons of people as if it's me. I am sick of the 10 bounced back emails everyday. I JUST WANT MY LIFE BACK!!!!! ahem*

There would be an easy way to avoid any virus : being able to get complete informations about the e-mails you're about to receive before downloading them. For example : "do you want to download the MIME 1.0 message "hello" with the following attachement "pic.jpg" sent by "john@bibi.net" monday 15:35 hours ?" click yes or no. We should be able to make a selection before getting contents on our computer ! By now, we have no choice... It's against all notions of privacy. It works like this for every other downloads, so it could also work for e-mails. :) Eric

Well, we could check it all on the web with Mail2Web and delete the attachments that were obviously bogus. I was doing that for awhile. It was tedious, and then Mail2Web got very very slow and kinda quit one day. But I'm with Lady Jaiven, I want my life back too. I check every bounced one to see if it came from my mailbox. When it first started I ran virus check until I was nuts. Now I just jump everytime I see yellow. If I thought the ZOneAlarm method would catch everything I would use it-- It changes all the exe, and the other virus tags to meaningless tags that you can change back for ones you know are ok. But I would have to take down Norton to do it and I don't dare. Emily

There should be a way to tell your e-mail client not to download any attachments above a certain size (say 15k). This will force all attachments to stay on the server until you specificially download them. If you recognize the attachment (a picture from a friend), then click the "retrieve attachment" button. But if the attachment is a ".scr" (or other unknown file), then you delete the e-mail without even downloading the attachment. I use Eudora as my e-mail client and it is very easy to do this, but I'm not sure how you would do it with Outlook. And, of course, Eudora is practically immune to any .vbs "virus-files" that are spread by Outlook and Outlook Express. --John

all pop email clients ( eudora, outlook or netscape email apps ) have the option, you can say do not download any attachments. with av running checking the body of the message and the attachment only when you choose to download by clicking on it, you have no email virus getting through at all. M$ seems to be the target of choice for viruses, because they have so many holes in the system security. mac isn't as vulnerable, nor is linux, extremely rare for a virus to be coded for them. btw, hmmm....Mcafee and Symantec both have nothing on KLEV they list very old KIEV virus. infects .com files, do damage. copied EA's virus name, had to work to even get the kiev virus data. nothing for klev or klez ( L not I ) no virus name as such. just so you know. when the av companies haven't got that virus listed either it isn't a virus or it is brand spanking new.

Symantec does... Norton Systemworks has it listed....

Both progs know it-- PCillin let it into my system months ago, MacAfee couldn't clean it then-- that's when I reinstalled and went with Norton. I'm sure it can now, but once burned, ya know. That was sometime in October or November cause I was buying Christmas gifts at Ebay and they got mega-infected from European buyers. That was Klez.A. Today, it's been the W32.Klez.H@mm virus and the W95.Hybris.worm that were stopped-- that's the first time I've seen that one. Emily

My virus ketchers have been nailing about 3 a day - since my mail gets filtered at the ISP means I must be getting tons of the stupid thing. Almost all klez right now too. Whoever tweaked that thing recently should be smacked with a dead fish. sigh It was an old virus, but somebody improved its spawning process recently and restarted the sucker. Nice thing is the old definitions still catch the new version. I use three virus checkers on the system level - Mcaffee's, 'Spike' (a download watchdog), and a thing my wiz friend Paladin wrote called 'Raphael'. But, if I'm not mistaken, Klez is yet another Outlook only virus. So a rabid MS hater like myself is in less danger than many. and remember! this ones fakes the headers - so if someone gets a klez ridden email allegedly from you, then someone you both know has it.

I use a browser-based Mail prog called 'IMHO Webmail', nothing gets shifted onto my PC, only opens inside the browser (Netscape in my case). So I suspect that I'm not as vulnerable, since I don't use Outlook etc. Am I correct in believing this, or am I at as great a risk anyway? :] Fishnose

I have a feeling that you're in just as much danger fishnose, if not even more. I'm going to hide under my bed soon if this doesn't stop :( Rob

good grief Rob. Did you forget what is already hiding under your bed? Can't go here either. :)

~EA

Simple solution to your virus problems? Buy a Mac, or use Mac OS on your PC (yes this is possible). I've been online since '96, I stopped running virus protection (Virex and Norton Anti-Virus) several years ago because I got tired of waiting for the software to scan everything. My Mac has NEVER been infected in all this time. Sure I've received all kinds of virulent email attachments, but I use Netscape, not Internet Exploder so Outlook Express can't take over my OS and email everyone I know in the name of "functionality". Exe's and vbs's don't work on Macs so I don't have to worry about an email attachment turning into a booby trap. I set my Netscape Mail prefs to automatically send email with any attachment directly to the trash folder so I can safely inspect it before deleting it. Even with PC's a little common sense goes a long way, just because the email says "I love you" doesn't mean it's true. ;-) Don't open strange attachments, even if you recognize the sender's name and you will probably be fine.

didn't know you could run Mac OS on a pc, I'll have to give it a go, thanks for the info alleycat Rob

When the Anna Kournikova virus went around, some idiot opened up the attachment and screwed up the network. After days of cleaning out the network - including refusing all new emails, the system comes back up and the same user opens the file again and re-infects the network. Why did he do it? Because he didn't get to see the picture the first time! (Thank God I don't work there! The sysadmin should have been shot for not installing sufficient protection after the first outbreak, but the user's stupidity was also criminal!) I do work at a place, though, where I'm regularly told such things as, "I thought it was a virus so I opened it up." Guess, what? They were right! Why can't we chlorinate the gene pool?

Alleycat169 wrote:

---

Simple solution to your virus problems? Buy a Mac, or use Mac OS on your PC (yes this is possible).

---

Simple to suggest but far more complex (and costly) to implement. :)

Attached Link: http://www.emulators.com/

Yes but worth every penny considering all the 'hidden costs' asscociated with inexpensive PC's. SoftMac for PC is less than $200, that is not that expensive considering that you will be able to stop buying new anti-virus software every six months. ;-)

Have they stopped making viruses for the Mac, then, because back when I was running Mac exclusively I was crushed and nearly busted by a virus I couldn't get off the desktop. True it wasn't as pernicious as PC viruses, but until DiskProtect came along, it was uncleanable. Emily

If most people used Mac, there would be lots of viruses being made for Mac OS. It's mainly a PC problem because the vast majority of computer users have PCs.

Alleycat169 wrote:Yes but worth every penny considering all the 'hidden costs' asscociated with inexpensive PC's.- - - - - -

Well, assuming one has a whole lot of those pennies to spend on Mac versions (or Mac-based equivalents) of the software one requires at work and/or at home--- assuming a Mac version/equivalent exists. Depending on one's needs or requirements, one could end up spending thousands acquiring such apps and/or licenses. Switching to a whole new platform and operating system is a big undertaking and not without its own set of risks and complications. I certainly wouldn't classify a platform switch to be a "simple solution" for avoiding e-mail viruses. Also, suggesting that viruses can be avoided by migrating to the Mac is a little misleading as well. Robert Franklin, Senior Product Specialist for Symantec Corp. had this to say: "Mac users have, to some extent, been lulled into thinking they don't need to be protected," Franklin said. "It's not really a case of one operating system being more susceptible than another by the very nature of the OS. Rather, it's the fact that there have been, by volume, more viruses written to affect Windows machines than Macs." The motivation here is that virus writers want their viruses to spread to as many users as possible. Since the Windows platform has the greatest worldwide reach, for both home and office computer users, more viruses are written for that platform, Franklin explained. "This doesn't mean that Macs are free from virus concerns, or if a Mac gets a virus that the payload will be less significant," he explained. "There are a number of Mac specific viruses out there, and they can cause varying degrees of problems for Mac users." One might get the impression I'm anti-Mac, which is furthest from the truth. I've got nothing against Macs or Mac users. My sister has a Mac. I've used it, I like it and I love the industrial design behind the hardware. If I had the money, I'd have both systems on my desk. Indeed, the case may be for some that switching to the Mac would prove to be the ideal and perhaps trouble-free soluiton. But I thought there was the need to play devil's advocate here to provide a more rounded view. The reality of it is that there'll always be viruses on whatever platforms the virus authors wish to "support." Now there are cross-platform viruses (e.g. "Simile" virus for Linux/Windows) and there are no real indications that virus creation and propagation will slow down in the near future. Regardless of the platform you run, taking precautions and as you suggested, exercising a bit of common sense, goes a long way. I think that's the true, far reaching solution... Alleycat169 wrote:SoftMac for PC is less than $200, that is not that expensive considering that you will be able to stop buying new anti-virus software every six months. ;-)- - - - - -

Were you not able to take advantage of the free virus definition updates that came with your anti-virus application(s)? Buying completely new anti-virus applications with any frequency seems a bit extreme.

Attached Link: http://www.cs.berkeley.edu/~nweaver/

Hi, I read a really interesting scientific paper today called "how to 0wn the internet in your spare time" by Stuart Staniford, Vern Paxson and Nicholas Weaver. Funded by DARPA and the Lawrence Berkeley labs at UCB. Talks about Code Red, Nimda and recent infection strategies, etc. they reckon that a forearmed virus (one had scanned the namespace beforehand) could, from a fast link, theoretically infect every single vulnerable system on the internet in 30 seconds. This is no joke, they even give you the math. They reckon that a "Warhol" worm is far more likely though, (one that infects everything in 15 minutes :) given that some rescans may be required, etc. Still it's a fairly incredible bit of research. They reckon that the entire namespace of the 'net is 48Mb uncompressed, but compressed and sorted it's only 7.5Mb. The first instance of the worm carries the entire namespace, but on it's first infection it passes half of the name space to the new copy, and they do likewise for each infection, they reckon you can cover the entire 'net in a seven layer model, with infection increasing exponetially the smaller the namespace gets, with almost no re-scans. Most of the infections would go dormant in seconds. Flashlood. BAM! you Own the internet. But the thing they reckon is really going to be big, is a new kind of infection vector called "contagion" which can spread at a very low level like wildfire via the P2P networks of KaZaA and Morpheous. Aparently thier makeup fits the infection vector distribution curve almost perfectly, matches the infection vector curve, especially since they're mostly DSL and large files and lots of scans are the norm. It really is a stuning bit of reseach, if you are at all technically minded. I got it of slashdot last week... I was thinking that placing a hardened UNIX box between me and my forthcoming DSL connection would be enough. But now I think I finally have a real reason to buy a new Mac. It's simply safer to own one if you're using the 'net. Because 15 minutes for complete penetration gives you no chance to avoid infection by updating your virus protection, etc. For those still suffering from Klez however the following may be useful, I mail them to users several times a week... http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html http://www.wired.com/news/technology/0,1282,52174,00.html Aha! Found it :) later jb

I have no idea why it did that, it was OK when I proof read it... :) later jb

Attached Link: http://www.mailwasher.net/main.php

Mailwasher (freeware) will allow you to screen your email before downloading it. You can also bounce spam messages and blacklist senders. Works very nicely. The latest versions/updates to Outlook can be fairly well hardened against virus attatchments.

Thank you so much, lmckenzie!!!! Mail washer is suddenly making my life much more tolerable. Emily

Glad you like it Emily.

Attached Link: http://www.spambouncer.org/

Hi, Spambouncer does a fine job if you have access to procmail on a UNIX box. later jb

Just for the record

One of my friends contracted this virus, but my system has always been clean.

This virus is particularly crafty in that it remembers all the e-mail addresses that it has come across on an infected system and as noted above, spoofs the address. Unfortunately there is nothing I can do about it, except deal with the hate mail!

Make sure your virus protection is up to date and if you should contract it, go straight to the Norton site for the cure. This virus is well known now so an up to date virus checker should pick it up (mine did)

if there was something I could do to stop my address being used, believe me I would

Alex