[Dshield] Klez revisited

Bart E. Hawley Sr. bart at texan.net
Fri Jun 28 16:23:37 GMT 2002

----- Original Message -----
From: "Michael Johnson" <mike at holmesandturner.com>
To: <list at dshield.org>
Sent: Friday, June 28, 2002 8:56 AM
Subject: [Dshield] Klez revisited

: Anyone seen anything like this before? :
I have seen that type of ploy over and over. It is simply an attempt to get
you to reflex and
double click. It is the klez virus. I still see approximately 8-9 megs of
email a day with klez
attached to them dumped by my procmail filters. As well as 16-20 emails a
day caught by
the virus scanners on the server.

: <email I received y'day am>
: Klez.E is the most common world-wide spreading worm.It's very dangerous by
corrupting your files.
: Because of its very smart stealth and anti-anti-virus technic,most common
AV software can't detect or clean it.
: We developed this free immunity tool to defeat the malicious virus.
: You only need to run this tool once,and then Klez will never come into
your PC.
: NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV
monitor maybe cry when you run it.
: If so,Ignore the warning,and select 'continue'.
: If you have any question,please mail to me  //mailto:abeeace at aol.com//
: </email>
: This email came in through a rarely used USER account.  And the USER
actually told me about it.  I must revise my .sig
: sql> select * from USERS where clue =>0
: sql> 1 found
: Good little USER  I will upgrade your server storage to ....hmmmmm 2 megs!
: Thanks,
: Mike Johnson
: System/Network guy
: Holmes & Turner
: _______________________________________________
: Dshield mailing list
: Dshield at dshield.org
: To change your subscription options (or unsubscribe), see:

More information about the list mailing list