What Is a Computer Virus?


The "worm" is a type of virus (it infects the machine) that penetrates a computer's data files and then sends that information back to the worm's author. The data can include a computer user's passwords and credit card information.

 

The worm enters a user's computer by way of Microsoft Outlook e-mail. It replicates by sending a copy of itself to the contacts in the Microsoft Outlook address book. The virus is activated when the infected e-mail is opened.

 

The infected e-mail will contain attachments with suffixes such as 'Pics' or 'Cards', which more easily dupe holiday e-mailers looking for greetings or family photos.

 

 

We recommend that computer users update their anti-virus software. We also caution against opening e-mail attachments from unknown senders; otherwise, users may need outside help to get their computers up and running again.

 

 

Alert to All!

A variant of the Klez virus is currently on the rise. W32/Klez.h@MM has a number of similarities to previous W32/Klez variants. This virus creates confusion among Internet users. This email is to clarify the situation.

 

Summary

The W32/Klez virus has the ability to spoof (impersonate) the "email from" field in emails. The sender's address used by the virus is one that was found on the infected user's computer.

This virus causes confusion as it may appear that you have received this virus from one person, when it was actually sent from a different user's computer. Viewing the entire email header will display the actual sender's IP address.

 

To prevent infection on your own computer, users are advised to:
- Not open emails of unknown origin
- Ensure their anti-virus solutions are up-to-date
- Keep their computer operating systems up-to-date


Details

- W32/Klez.h@MM makes use of the "Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" vulnerability in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2).

- the worm has the ability to spoof the email "From:" field (often set to an address found on the victim machine).

- the worm attempts to unload several processes (antivirus programs) from memory. You may need to re-install your antivirus software.

- the worm is able to propagate over the network by copying itself to network shares (assuming sufficient permissions exist). Target filenames are chosen randomly, and can have single or double file extensions. For example:
350.bak.scr
bootlog.jpg
user.xls.exe

- the worm may also copy itself into RAR archives, for example:
HREF.mpeg.rar
HREF.txt.rar
lmbtt.pas.rar

- the worm mails itself to email addresses in the Windows Address Book, plus addresses extracted from files on the victim machine.
- the worm arrives in an email message whose subject and body are composed from a pool of strings carried within the virus. For example:

Subject: A very funny website
or Subject: Look, my girlfriend
or Subject: SOS!
or Subject: Congratulations
or Subject: Questionnaire
or Subject: Meeting notice
or Subject: Some questions
or Subject: Honey
or Subject: So cool a flash,enjoy it
or Subject: How are you
or Subject: Never kiss a stranger
or Subject: How about dinner
or Subject: A free hot porn site
or Subject: We want peace
or Subject: Where will you go?
or Subject: Can you help me?
or Subject: Look at the pretty

The file attachment name is generated randomly, and ends with a .exe, .scr, .pif, or .bat extension, for example:
ALIGN.pif
User.bat
line.bat

Simply opening or previewing the message in a vulnerable mail client can result in infection of the victim machine.
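
The checks described above (the earliest hop in the full email header versus the spoofed "From:" field, and attachment names ending in .exe, .scr, .pif or .bat, often with a double extension) can be automated when triaging a suspect message. The following Python code is an added example, not part of the original alert; the sample message is constructed, and the MEDIA_TYPES check (an executable file name declared with an audio, image or video MIME type) is an assumption about how the incorrect MIME header shows up in a message.

```python
import re
from email import message_from_string
from email.utils import parseaddr

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat"}  # extensions listed on this page
MEDIA_TYPES = {"audio", "image", "video"}  # assumption: harmless-looking MIME types
# Constructed sample, not a real capture; names and IPs are documentation values.
SAMPLE = """\
Received: from mail.example.net ([198.51.100.7]) by mx.example.org; Mon, 6 May 2002 10:00:02 +0800
Received: from pc42 ([203.0.113.25]) by mail.example.net; Mon, 6 May 2002 10:00:00 +0800
From: Alice <alice@example.com>
Subject: How are you
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: audio/x-wav; name="user.xls.exe"
Content-Disposition: attachment; filename="user.xls.exe"

AAAA
--b1--
"""

def origin_ip(msg):
    """Earliest (bottom-most) Received hop's IP; hops below your own servers can be forged."""
    for hop in reversed(msg.get_all("Received") or []):
        found = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
        if found:
            return found.group(1)
    return None

def risky_attachments(msg):
    """(filename, reasons) for each attachment ending in an executable extension."""
    findings = []
    for part in msg.walk():
        pieces = (part.get_filename() or "").lower().split(".")
        if len(pieces) < 2 or "." + pieces[-1] not in EXECUTABLE_EXTS:
            continue
        reasons = ["executable extension"]
        if len(pieces) > 2:
            reasons.append("double extension")
        if part.get_content_maintype() in MEDIA_TYPES:
            reasons.append("declared as " + part.get_content_type())
        findings.append((part.get_filename(), reasons))
    return findings

def triage(raw):
    msg = message_from_string(raw)
    return {"claimed_from": parseaddr(msg.get("From", ""))[1],
            "origin_ip": origin_ip(msg), "attachments": risky_attachments(msg)}
```

Calling triage(SAMPLE) returns the address the message claims to be from alongside the IP of the machine that actually handed it to the first mail server, which is the comparison that resolves the confusion described in the situations below.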

 

You may encounter confusion in the following situations:

1. Someone claims that you sent them a virus-infected email, and you have checked that your computer is free of viruses.

Possible Explanation:
A third party was infected, and your email address was forged by the virus to further propagate itself.

 

2. You receive an infected email from someone, but that person claims their computer is free of viruses.

Possible Explanation:
That person's email address was forged by the virus from another party's computer.

 

3. You receive a bounced email stating that you sent a message to an invalid email address.

Possible Explanation:
The virus sent an email forging your email address to an invalid email address. Since the destination is invalid, the message is bounced back to your email address as if you had sent it.

 

 

 
