-
November 9th, 2001, 09:22 PM
#1
BAD VIRUS WARNING - TWO IN ONE
Hi,
I just came across this warning and I wanted to share it. Sincerely, NanceeVirus
~~~~~~~~~~~~~~~
Alert: Klez "Super Worm" (2 viruses in one)
To: Technical Professionals
Klez is a highly sophisticated "superworm" that originates from Hong Kong. There are now two versions of the Klez virus (as bugs in the 1st version have been corrected to make this a more dangerous threat).
There is significant innovation in this new threat, as Klez is actually 2 viruses in one EXE file. The Klez worm is the mass mailing component that carries a second highly destructive virus called Elkern within it. Once Elkern is implanted on a PC, it can be highly destructive. The payload is randomly activated during the 13th day of odd-numbered months (November for example). If the payload activates, then all data on drives C: thru Z: would be set to ZEROES, making this virus highly destructive.
Both versions of this new virus are the 5th and 6th most prevalent viruses in the world. Just one copy of this virus could be highly destructive to information residing on our Networks.
Our Lotus Notes environment is already protected to intercept this for Internet EMAIL. Leon's latest update also provides desktop protection. Still, please be careful here and at home in processing any attachments.
Thank you - Harry
~~~~~~~~~~
Klez + Elkern Information
Steps to Prevent Infection
1. Please continue to delete all EMAIL attachments ending in EXE.
2. If you use Outlook EMAIL at home, DO NOT USE PREVIEW MODE.
3. You can apply a patch for Outlook to prevent automatically launching attachments in PREVIEW mode at http://www.microsoft.com/technet/sec...n/MS01-020.asp
4. It is recommended that you view EMAIL in PLAIN text mode rather than HTML where you have this option.
Message Body: (This text is hidden if you process EMAIL in HTML mode)
I'm sorry to do so, but it's helpless to say sorry. I want a good job, I must support my parents. Now you have seen my technical capabilities. How much my year-salary now? NO more than $5,500. What do you think of this fact? Don't call my names, I have no hostility. Can you help me?
Attachment:
Klez + Elkern - Internet Links
http://www.symantec.com/avcenter/[email protected]
http://www.symantec.com/avcenter/[email protected]
http://www.antivirus.com/vinfo/virus...KLEZ.A&VSect=T
http://vil.nai.com/vil/virusSummary.asp?virus_k=99237
http://vil.nai.com/vil/virussummary.asp?virus_k=99238
Klez Brief Technical Description
KLEZ is a destructive, persistent, memory resident, multi-process, and multi-threaded worm that spreads a copy of itself via email and Network shared drives. This worm consists of two components: the main worm and a Windows executable infector called ELKERN.
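The prevention steps in the alert above (drop attachments ending in EXE, watch for body text that HTML view hides) can be checked mechanically at a mail gateway. The following is an added example, not part of the original post or of any vendor tool; the extra extensions, the assumption that the message is multipart/alternative, and the sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# ".exe" is the alert's rule; the other extensions are an assumption added here.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".bat", ".com"}

def risky_attachments(raw: bytes) -> list:
    """Filenames of MIME parts whose final extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # Windows ignores trailing dots/spaces, so "a.exe." still runs as "a.exe".
        name = (part.get_filename() or "").rstrip(". ")
        dot = name.rfind(".")  # last extension decides, so "photo.jpg.exe" is caught
        if dot != -1 and name[dot:].lower() in BLOCKED_EXT:
            hits.append(name)
    return hits

def hidden_plain_text(raw: bytes) -> str:
    """Text in the text/plain part that the text/html part never displays."""
    msg = message_from_bytes(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    if plain is None or html is None:
        return ""
    visible = re.sub(r"<[^>]+>", " ", html.get_content())  # crude tag strip
    visible = " ".join(visible.split()).lower()
    text = " ".join(plain.get_content().split())
    return "" if text.lower() in visible else text

def build_sample(plain: str, html: str, filename: str) -> bytes:
    """Constructed test message (not a captured sample)."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content(plain)
    msg.add_alternative(html, subtype="html")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    raw = build_sample("text only in the plain part",
                       "<html><body></body></html>", "photo.jpg.EXE")
    print(risky_attachments(raw), repr(hidden_plain_text(raw)))
```

A message that trips either check is a candidate for quarantine rather than delivery; the plain/HTML comparison is a heuristic and will also flag legitimate mail whose two parts differ.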
-
November 10th, 2001, 01:46 AM
#2
-
May 7th, 2002, 10:53 AM
#3
I read that it activates on the 6th of every odd numbered month (except July, for some reason)
My boss got it at work on the 6th of this month. The removal tool from the NAV site www.symantec.com got rid of it.
------------------
THINK BIG! Better to aim for the sky & hit the roof, than to aim for the roof & hit your big toe...
-
May 7th, 2002, 04:01 PM
#4
We here at work use mail marshall, and it has kept it at bay. I am probably going to write an article for the paper on the topic of virii, so I dug up some interesting tidbits of information. To date, Sircam was the most widespread virus out there, according to messagelabs.com. Sircam came out in July of 2001, and to date, they had seen 748771 events, or roughly 3565 a day. Klez came out April 15, and as of this morning, they had seen 403643 events (attempts at mailing), or about 13454 a day. And that is just what they have seen. ( www.messagelabs.com ) I suppose that the spoof return makes it much harder to put a lid on it. I understand that they have pretty much narrowed down the point of origin to the same locality as where Code Red came from, not Hong Kong. Web World War? Remember, hackers here in the States have been going at it with the hackers in China for over 3 years now. Part of the same undeclared war? Nasty little critter, anyway.
------------------
The omnibus onion
The Omnibus Onion________
Asus something or other, xp2600+, 768ddr, ti 4400, winXP.....
Kenwood ts-180, carolina windom; instant messaging via f-layer propagation