mountainman

Virus alert!

I JUST got this email and highlighted it and my Norton caught it. Below is the description and the email read:
from: a-bassit
subject: adesksys.dll replaces the file with the
included an attachment
-----------------
Norton description:
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: W32.Klez.gen@mm
File: C:\WINDOWS\Temporary Internet Files\Content.IE5\OPQ34HU7\NS_moneyplan0107[.zlq
Location: Quarantine
Computer: HPPAV
User: jumpinduo
Action taken: Clean failed : Quarantine succeeded : Access denied
Date found: Tue Apr 30 19:20:00 2002
-----------------
Just thought that you all might get some use out of this.
Hope it helps! :) JumpinDuo.com... come and sign the guestbook.

It hit the University last Friday. This is actually an old virus first discovered last Nov and only spreads if you are using MS OUTLOOK OR OUTLOOK EXPRESS.
You also might want to note that it is another mass mailing virus BUT, it uses one of the entries from the address book as the sender.....
In other words, when you get the e-mail, it did not come from who it said it did...
I've got to stop wishing, got to go fishing, I'm down to rock bottom again....

The latest revision of this one went into my favorite file as soon as I got one and isolated it..... it's just sweet! Very clean and I hate to do it... but the kiddies were on the ball with this one....they got my attention.
Klez.h is the latest version. It's been out in the wild for over a week and I remember the first version being out at least 2 weeks.
If once you start down the dark path, forever will it dominate your destiny, consume you it will....

I've been lucky enough to stay clean at home, and these little rules make sure I (and the rest of the company) stay clean at work.
/^(.*)name="(.*).(hta|com|pif|vbs|vbx|ovl|sys|bin|dll|vbe|js|jse|jsp|exe|bat|cmd|vxd|scr|chm)"$/ REJECT
#
# This _should_ block the klez worm - it's a snippet from the BASE64 Encoding
# used by most mailers today. A bit kludgy, but it should work.
#
/^135AAItEjhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SODIlEjwyLRI4IiUSPCItE$/ REJECT
Klez is pretty active right now. We're seeing about 50 Klez rejects a day.
Long live Postfix. Down with Sendmail.

Quote

/^(.*)name="(.*).(hta|com|pif|vbs|vbx|ovl|sys|bin|dll|vbe|js|jse|jsp|exe|bat|cmd|vxd|scr|chm)"$/ REJECT

do I need to be on drugs to be able to understand that? I sure as hell don't get it clean and sober!
Andrea
I'm high as a kite
I just might
Stop and check you out.

The simple answer is that the rule described above rejects all mail with attachments that might be executed by Microsoft Outlook. It's saved us a ton of headaches. Since M$ won't fix their goddamn mail client we'll just reject the mail that makes it break.

What? You don't have the built in ability to understand regular expressions?
It means find a line of text that begins with any number of characters (including none), followed by 'name="', followed by 0 or more of any character or characters, followed by a period (actually, the regex has a little flaw; it will match any character, not just a period. Put "\" in front of the third period and it will behave correctly), followed by any of those groups of letters, followed by a quote character at the end of the line.
--
Brian

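The two Postfix rules quoted earlier in the thread, together with Brian's point about the unescaped period, reworked as an added Python example (this is not the poster's Postfix configuration nor any code from the thread). It applies the rules to a few constructed messages the way header_checks and body_checks would, line by line, stopping at the first REJECT, and shows that the pattern as posted rejects a harmless attachment called "telecom" (the unescaped "." swallows the "e" and "com" matches) while the escaped pattern lets it through. The sample messages, the addresses in them and the scan_message helper are all constructed for this illustration; the base64 line is the one quoted in the thread.

```python
import re

# Extension list exactly as quoted in the thread's header_checks rule.
EXTENSIONS = r"(hta|com|pif|vbs|vbx|ovl|sys|bin|dll|vbe|js|jse|jsp|exe|bat|cmd|vxd|scr|chm)"

# Rule as posted: the "." before the extension group is an unescaped
# metacharacter, so it matches ANY single character, not just a period.
FLAWED_NAME_RULE = re.compile(r'^(.*)name="(.*).' + EXTENSIONS + r'"$', re.IGNORECASE)

# Same rule with the period escaped, as Brian suggests.
FIXED_NAME_RULE = re.compile(r'^(.*)name="(.*)\.' + EXTENSIONS + r'"$', re.IGNORECASE)

# body_checks rule from the thread: one base64 line of the Klez worm body.
KLEZ_BODY_RULE = re.compile(
    r"^135AAItEjhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SODIlEjwyLRI4IiUSPCItE$"
)
# Postfix regexp tables match case-insensitively by default (assumption about
# the Postfix default; IGNORECASE above mirrors that for the header rules).


def scan_message(lines, name_rule):
    """Emulate header_checks then body_checks on a message given as a list
    of lines. Headers run until the first empty line, the rest is body.
    Returns (verdict, reason); the first REJECT wins, like Postfix."""
    in_body = False
    for line in lines:
        if not in_body:
            if line == "":
                in_body = True
                continue
            if name_rule.match(line):
                return ("REJECT", "header_checks: " + line)
        elif KLEZ_BODY_RULE.match(line):
            return ("REJECT", "body_checks: Klez base64 signature")
    return ("OK", "")


# Constructed sample messages (addresses are placeholders, not real senders).
EXE_ATTACHMENT = [
    "From: someone@example.invalid",
    "Subject: look at this",
    'Content-Type: application/octet-stream; name="moneyplan.exe"',
    "",
    "TVqQAAMAAAAEAAAA",
]

TELECOM_DOC = [
    "From: colleague@example.invalid",
    "Subject: contract",
    'Content-Disposition: attachment; filename="telecom"',
    "",
    "Please review the attached contract.",
]

KLEZ_BODY = [
    "From: friend@example.invalid",
    "Subject: a funny website",
    "Content-Transfer-Encoding: base64",
    "",
    "135AAItEjhyJRI8ci0SOGIlEjxiLRI4UiUSPFItEjhCJRI8Qi0SODIlEjwyLRI4IiUSPCItE",
]

PLAIN_MAIL = [
    "From: colleague@example.invalid",
    "Subject: minutes",
    'Content-Type: text/plain; name="minutes.txt"',
    "",
    "Minutes from Tuesday attached inline.",
]


def compare_rules():
    """Return {message: (flawed verdict, fixed verdict)} for every sample."""
    samples = {
        "exe attachment": EXE_ATTACHMENT,
        "file named telecom": TELECOM_DOC,
        "klez body": KLEZ_BODY,
        "plain mail": PLAIN_MAIL,
    }
    return {
        label: (scan_message(msg, FLAWED_NAME_RULE)[0],
                scan_message(msg, FIXED_NAME_RULE)[0])
        for label, msg in samples.items()
    }


if __name__ == "__main__":
    for label, (flawed, fixed) in compare_rules().items():
        print(f"{label:20s} flawed={flawed:6s} fixed={fixed}")
```

Two things the comparison makes visible: the unescaped period is the only difference between the two header rules, and it is enough to turn a plain word ending in one of the listed extensions into a rejection. Note also that both rules as quoted require the line to end with the closing quote, so a name parameter followed by further parameters on the same header line is not caught by them.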
Actually.... Outlook 2002 does block most of those by default now. The problem is still there in Outlook Express, but the problems were fixed in the full version. And there is a nifty little add on tool FROM MS that plugs into Outlook 2002 to let you add and manage the extensions that get filtered on the client side and then on Exchange server you can filter the extensions there too.....
If once you start down the dark path, forever will it dominate your destiny, consume you it will....

And it took them how long to figure out that auto execution of attachments was a bad idea? I'll continue to block this crap at the gateway. I remember when email was text, nothing more. Then came uuencode and multiple messages, etc.... then came html, then came full blown attachments. Then came the exploits.
If I had had my way I would have blocked _all_ attachments, but management wasn't so cool with that idea. If people want to transfer files they can use FTP or copy stuff around on shared drives at work. Bah. Humbug.

Ah... FTP... one of my favorite things that I used to exploit. Allowing outside anonymous upload access to an FTP is a nightmare to a security or network engineer. I've had nightmares based on that ;)
I've been around to see the progression of viruses since about 1988 or so and I admit MS doesn't read their history at all....
If once you start down the dark path, forever will it dominate your destiny, consume you it will....
