[unisog] Cleaning up after klez

Anderson Johnston andy at gl.umbc.edu
Tue Apr 30 20:25:02 GMT 2002

We're blocking the two most insidious subject headers:

Worm Klez.E Immunity
A  IE 6.0 patch

I've been working on write-ups for the Help Desk so they can handle the
confused faculty, staff and students who want to know how mail they never
sent got bounced back to them.

We have a site license for McAfee AV software and are trying everything short
of skywriting to spread the word about it.

I'm looking through the mail logs to see if we have an unusual number of
relays on machines that aren't mail servers.

I try to get the full (including Received:) headers of infected messages
in order to trace their origin.

We're looking at AV scanners for the mail servers, but that's a lot of
overhead for the kind of machines we use.

					- andy

On Tue, 30 Apr 2002, John Stauffacher wrote:

> All,
> Anybody out there have any real good ways of stopping the W32.klez
> virus/worm? Our university seems to have been infected and I am
> searching for solutions to both block and sequester the already infected
> machines. Any help would be appreciated.
> ++
> John Stauffacher
> Network Administrator
> Chapman University
> stauffacher at chapman.edu
> 714-628-7249

** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **
** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **
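
An added example (not part of the original message): one way to run the mail-log check described above, assuming sendmail-style syslog lines. It flags hosts that are not mail servers but hand the server mail under several different envelope senders, which fits the forged-sender bounces the message mentions. Host names, addresses, the log sample and the threshold are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail syslog style (assumed format; all hosts/IPs are made up).
SAMPLE_LOG = """\
Apr 30 14:02:11 mx1 sendmail[2101]: g3UI2B02101: from=<alice@example.edu>, size=1820, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx2.example.edu [192.0.2.10]
Apr 30 14:02:40 mx1 sendmail[2105]: g3UI2e02105: from=<bob@example.edu>, size=91204, nrcpts=1, proto=SMTP, daemon=MTA, relay=pc-114.dorm.example.edu [192.0.2.114]
Apr 30 14:02:41 mx1 sendmail[2106]: g3UI2f02106: from=<carol@example.edu>, size=91377, nrcpts=1, proto=SMTP, daemon=MTA, relay=pc-114.dorm.example.edu [192.0.2.114]
Apr 30 14:02:43 mx1 sendmail[2107]: g3UI2h02107: from=<Dave@example.org>, size=90988, nrcpts=1, proto=SMTP, daemon=MTA, relay=pc-114.dorm.example.edu [192.0.2.114]
Apr 30 14:02:44 mx1 sendmail[2108]: g3UI2i02108: from=<bob@example.edu>, size=91204, nrcpts=1, proto=SMTP, daemon=MTA, relay=pc-114.dorm.example.edu [192.0.2.114]
Apr 30 14:03:01 mx1 sendmail[2109]: g3UI3102109: from=<erin@example.edu>, size=2210, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.0.2.20]
Apr 30 14:03:02 mx1 sendmail[2110]: g3UI3102109: to=<x@example.org>, delay=00:00:01, mailer=esmtp, relay=mail.example.org. [198.51.100.5], stat=Sent
Apr 30 14:05:19 mx1 sendmail[2115]: g3UI5J02115: from=<erin@example.edu>, size=1544, nrcpts=2, proto=ESMTP, daemon=MTA, relay=[192.0.2.20]
"""

# Addresses of the machines that are supposed to relay mail (assumption for the sample).
MAIL_SERVERS = {"192.0.2.10"}

# Inbound "from=" records only; the relay host name is optional, the bracketed IP is not.
FROM_RE = re.compile(r"from=<([^>]*)>.*relay=(?:(\S+) )?\[([\d.]+)\]")

def suspicious_relays(log_text, mail_servers, min_senders=3):
    """Return (ip, messages, distinct_senders) for non-mail-server relays
    that submitted mail under at least min_senders envelope senders."""
    counts = defaultdict(int)
    senders = defaultdict(set)
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue  # "to=" delivery records and unrelated lines
        sender, _host, ip = m.groups()
        if ip in mail_servers:
            continue  # known mail servers are expected to relay
        counts[ip] += 1
        senders[ip].add(sender.lower())
    flagged = [(ip, counts[ip], len(s)) for ip, s in senders.items()
               if len(s) >= min_senders]
    # Most distinct senders first, then by address for a stable order.
    return sorted(flagged, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for ip, msgs, distinct in suspicious_relays(SAMPLE_LOG, MAIL_SERVERS):
        print(f"{ip}: {msgs} messages, {distinct} distinct envelope senders")
```
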
