May 24, 2002 - Michael Kearns
has been a wide-spread of virus infected emails.
explains the current problem of:
am I receiving replies from people I do (or do not) know, saying I sent
them an email that I did not send?"
hard to kill virus effecting Microsoft Email Clients, named W32.Klez.gen@mm.
This virus also has many variations.
Subject: (RANDOM and the Virus has many variations)
Body: (RANDOM - again)
Attachments:(RANDOM - Files with .BAT, ..EXE, .PIF, or .SCR extension):.
Virus can be launched while opening or previewing the message.
The Virus carries its own SMTP engine (outbound email connection), it
randomly selects email addresses from the infected computer's address
book, sends mass-massages, and using the "From" as one or
more of the random email address(es) it choice from that address book.
Therefore, sending emails that seem like were sent from you.
Computers are not effected by the Klez virus or these variations.
However, since the virus is email based, a Macintosh can inadvertently
pass the virus on to a Windows user.
If you receive an email message that has an attachment and it is not
from a trusted source, please DO NOT OPEN it. Immediately delete the
message and empty your "deleted items" or "trash"
update your anti-virus software with the most recent virus definitions
and perform a scan on your drive.
the Virus carries it own SMTP, it does not use an Email Server's SMTP.
Therefore, the email administrator cannot track who's computer is infected
and sending the mass-messages.
An Excerpt (below) from Symantec's
Site and it also includes a removal tool.
Some variants of this worm use a technique known as "spoofing."
If so, the worm randomly selects an address that it finds on an infected
computer. It uses this address as the "From" address that
it uses when it performs its mass-mailing routine. Numerous cases have
been reported in which users of uninfected computers received complaints
that they sent an infected message to someone else.
For example, Linda Anderson is using a computer that is infected with
W32.Klez.E@mm; Linda is not using an anti virus program or does not
have current virus definitions. When W32.Klez.gen@mm performs its emailing
routine, it finds the email address of Harold Logan. It inserts Harold's
email address into the "From" portion of an infected message
that it then sends to Janet Bishop. Janet then contacts Harold and complains
that he sent her an infected message, but when Harold scans his computer,
Norton AntiVirus does not find anything--as would be expected--because
his computer is not infected.
If you are using a current version of Norton AntiVirus and you have
the most recent virus definitions, and a full system scan with Norton
AntiVirus set to scan all files does not find anything, you can be confident
that your computer is not infected with this worm.