Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: I ***think*** Janathan has a virus

From: Vladimir M. Zakharychev <bob_at_dpsp-yes.com>
Date: Mon, 10 Jun 2002 14:53:32 +0400
Message-ID: <ae20fc$me1$1@babylon.agtel.net>


Ever heard of Klez? This is exactly its propagation scheme - receiving it from somebody does not mean that somebody indeed sent it - Klez sends itself out using records in the victim's address book for disguise. Thus, if someone had Jonathan's e-mail in his address book and was infected by Klez, this email among others was randomly used to fill the From: header of outbound emails. Klez also randomly attaches harmless files from the victim's system to the message to further disguise itself (and this can lead to publication of confidential information if the attached file was somewhat secret...).

I'd recommend you update your antivirus sigs and scan your own system asap, as Klez has several installation methods and one of them could succeed on your system (unless you are using mailx or something like that - if it is an unpatched Outlook [Express], you're in danger). If you do not have any antivirus running, you're in trouble.

--
Vladimir Zakharychev (bob@dpsp-yes.com)                http://www.dpsp-yes.com
Dynamic PSP(tm) - the first true RAD toolkit for Oracle-based internet applications.
All opinions are mine and do not necessarily go in line with those of my employer.


"." <oracle_at_bountifulsolutions.co.uk> wrote in message
news:MPG.176c4915b8d78331989680_at_news.demon.co.uk...

> Hi all,
>
> I have received a peculiar email from Jonathan Lewis the subject of which
> is 'Lets be friends'. Attached was 'message.htm', 'its.bat' and
> 'dbms_job.html'.
>
> The last one is harmless and appears to be one of Connor's FAQ answers.
> Its.bat is actually an exe file and I suspect is the payload.
> Message.htm is a simple <IFRAME> tag with a funny source which I think
> sets off the payload.
>
> Hopefully I'm wrong and Jonathan is not responsible for it, but it did
> come from his address. I have replied advising him of the problem and
> hopefully, he won't mind this posting. (Apologies in advance if not !)
>
> If you get a message with the subject 'Lets be friends' I'd treat it with
> the utmost suspicion.
>
>
> Regards,
> Norman Dunbar (at home)
>
>
Received on Mon Jun 10 2002 - 05:53:32 CDT
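
A triage check for the kind of message discussed in this thread, added here as an example and not part of either post: because the From: header can be filled in from someone else's address book, it judges the message by its attachments instead. The sample message, addresses, extension lists and function names are all constructed for illustration.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

PE_EXTS = {".exe", ".dll", ".sys", ".scr"}      # extensions that honestly announce a PE file
HTML_EXTS = {".htm", ".html"}
IFRAME = re.compile(rb"<\s*iframe\b", re.I)

def build_sample() -> bytes:
    """Constructed message shaped like the one described in the thread."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.org"       # forgeable, so never used as evidence below
    msg["To"] = "reader@example.net"
    msg["Subject"] = "Lets be friends"
    msg.set_content("see attachments")
    msg.add_attachment('<html><iframe src="cid:constructed-placeholder"></iframe></html>',
                       subtype="html", filename="message.htm")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,   # PE magic only, not a real program
                       maintype="application", subtype="octet-stream",
                       filename="its.bat")
    msg.add_attachment("<html><body>DBMS_JOB notes</body></html>",
                       subtype="html", filename="dbms_job.html")
    return msg.as_bytes()

def triage(raw: bytes) -> list[str]:
    """Return findings based on attachment content, ignoring the claimed sender."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        # A Windows executable starts with "MZ" whatever the file is called.
        if data[:2] == b"MZ" and ext not in PE_EXTS:
            findings.append(f"{name}: PE executable behind a '{ext}' extension")
        # HTML attachments that pull in other content via <iframe> deserve a look.
        if ext in HTML_EXTS and IFRAME.search(data):
            findings.append(f"{name}: HTML attachment embeds an <iframe>")
    return findings

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```
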
