From: "John A Hansen" <>
Subject: [Clan LEASK] VIRUS ALERT = W32.Klez. H = Level 3 ( One time Advisory by List Admin)
Date: Tue, 23 Apr 2002 15:36:23 -0700
A new level 3 Virus Alert was issued.
The names will vary but it is generally a form of
While you will not get the virus from Rootsweb
you may well get an email from a subscriber or a friend
that you have corresponded with and it will look like
a legit response to the email or post that you made.
The Virus has two files attached.
One will have a random file from the sending computer
and the other will be the virus with a double extension
with ******.txt.exe etc. So it appears to be a real
and innocent attachment. As a result, the email message would
have 2 attachments, the first being the worm and the second
being the randomly-selected file.
Payload and Damage:
This worm infects executables by creating a hidden copy of the original
host file and then overwriting the original file with itself. The hidden
copy is encrypted, but contains no viral data. The name of the hidden file is
the same as the original file, but with a random extension.
Large scale e-mailing: This worm searches the Windows address book,
the ICQ database, and local files for email addresses. The worm sends
an email message to these addresses with itself as an attachment.
Releases confidential info: Worm randomly chooses a file from the machine
to send along with the worm to recipients. So files with the extensions:
".mp8" or ".txt" or ".htm" or ".html" or ".wab" or ".asp" or ".doc"
or ".rtf" or ".xls" or ".jpg" or ".cpp" or ".pas" or ".mpg" or ".mpeg"
or ".bak" or ".mp3" or ".pdf" would be attached to e-mail messages
along with the viral attachment.
All the normal reference sites are carrying details on how to remove it
if you do get infected and more technical details on how to
identify the incoming virus.
Please do not create any posts on the mailing lists.
John A Hansen
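
The attachment pattern described in the advisory (a decoy document extension followed by an executable one, sent alongside a second ordinary file) can be checked for at a mail gateway or in a mailbox export. This is an added example, not part of the original message; the executable extensions other than `.exe` are an assumption, and the sample message is constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Inner "decoy" extensions: the file types listed in the advisory.
DECOY_EXTS = {".mp8", ".txt", ".htm", ".html", ".wab", ".asp", ".doc", ".rtf",
              ".xls", ".jpg", ".cpp", ".pas", ".mpg", ".mpeg", ".bak", ".mp3", ".pdf"}
# Outer extensions treated as executable. Assumption: the advisory names only .exe.
EXEC_EXTS = {".exe", ".scr", ".pif", ".bat", ".com"}

def is_double_extension(filename):
    """True for names like 'notes.txt.exe', including space-padded variants."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    stem, outer = os.path.splitext(name)
    # Padding such as 'photo.jpg      .scr' pushes the real extension out of view.
    _, inner = os.path.splitext(stem.rstrip())
    return outer in EXEC_EXTS and inner in DECOY_EXTS

def flag_message(raw_bytes):
    """Parse one RFC 5322 message and report attachment names worth quarantining."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    names = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]
    suspicious = [n for n in names if is_double_extension(n)]
    return {
        "attachments": names,
        "suspicious": suspicious,
        # Heuristic from the advisory: double-extension file plus a second attachment.
        "matches_advisory_pattern": bool(suspicious) and len(names) >= 2,
    }

def build_sample():
    """Constructed test message: harmless placeholder bytes, not a real sample."""
    m = EmailMessage()
    m["From"] = "friend@example.org"
    m["To"] = "you@example.org"
    m["Subject"] = "Re: your post"
    m.set_content("see attached")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="notes.txt.exe")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="ancestors.doc")
    return m.as_bytes()

if __name__ == "__main__":
    print(flag_message(build_sample()))
```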