Virus with Strange Headings?

[HaraRyoichi]

Today, in only 90 minutes, I have received 4 e-mails with attachments and with some puzzling headings. Norton Antivirus did NOT alert me but my past bad experience DID tell me not to click even the message part and now I have read Sam Suklis' mail and am prepared now to delete all suspicious mails. Now the question: Which one got virus and which one is not? I think I should not preview the mail as it can activate an attachment to open automatically to spread the virus. 1. ozniac Fw: MG-TABC japanese lass'se 2. Hank insME W32 Kles E Removal tools 3. yengis Some Questions 4. info your password Will appreciate members help Thank you Rick Hara TC6903

[Charles Hill]

Rick, I've been getting the same strange messages. Except in my case, they are blank emails. When I view the message source, there is obviously more there. Norton (which just automaticaly updated withing the last couple of hours) didn't catch anything. Must be something directed at Microsoft. I use either Netscape on my Windows laptop or Opera on my Linux box. As they used to say on Hill Street Blues "Be careful out there!" Regards Charles Hill

[Terry & Lynda-May O'Brien]

Charles etc. Same thing using Netscape. Terry Charles Hill wrote:

> Rick, > > I've been getting the same strange messages. Except in my case, they > are blank emails. When I view the message source, there is obviously > more there. Norton (which just automaticaly updated withing the last > couple of hours) didn't catch anything. Must be something directed at > Microsoft. I use either Netscape on my Windows laptop or Opera on my > Linux box. > > As they used to say on Hill Street Blues "Be careful out there!" > > Regards > Charles Hill > > > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

[Sam Suklis]

Rick: This one was a new form of virus..it actually did pop up in the preview window. That's a first. BUT, if you didn't open it, you're safe. It's best to never open any attachments, period. Best regards, Sam SS

----- Original Message ----- From: "HaraRyoichi" rhara@mub.biglobe.ne.jp> To: mg-tabc@yahoogroups.com> Sent: Wednesday, April 17, 2002 8:50 PM Subject: [mg-tabc] Virus with Strange Headings? > Today, in only 90 minutes, I have received 4 e-mails with attachments and > with some puzzling headings. Norton Antivirus did NOT alert me but my past > bad experience DID tell me not to click even the message part and now I have > read Sam Suklis' mail and am prepared now to delete all suspicious mails. > Now the question: Which one got virus and which one is not? I think I > should not preview the mail as it can activate an attachment to open > automatically to spread the virus. > > 1. ozniac Fw: MG-TABC japanese lass'se > 2. Hank insME W32 Kles E Removal tools > 3. yengis Some Questions > 4. info your password > > Will appreciate members help > Thank you > > Rick Hara > TC6903 > > > > > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > >

[wargs]

Rick, Received same. Have Mac, did not compute! Good luck! David Lodge HaraRyoichi wrote:

>Today, in only 90 minutes, I have received 4 e-mails with attachments and >with some puzzling headings. Norton Antivirus did NOT alert me but my past >bad experience DID tell me not to click even the message part and now I have >read Sam Suklis' mail and am prepared now to delete all suspicious mails. >Now the question: Which one got virus and which one is not? I think I >should not preview the mail as it can activate an attachment to open >automatically to spread the virus. > >1. ozniac Fw: MG-TABC japanese lass'se >2. Hank insME W32 Kles E Removal tools >3. yengis Some Questions >4. info your password > >Will appreciate members help >Thank you > >Rick Hara >TC6903 > > > > > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > >

[Sam Suklis]

Hello Hara: ANY of your incoming "list" letters that have a paper-clip next to the name,showing that an attachment is in the letter will be the infected ones. I'm having trouble understanding why some Norton AV's aren't responding to it, as mine goes crazy. I'm guesssing some of the Norton's out there aren't of the type configured to scan e-mail OUTSIDE the portal, before it enters the computer. I just booted up, and have received three more of these this morning. Norton killed them all, and I've gone into "Deleted Items" and killed them there just to be extra-sure. This Virus mails itself over and over, and changes it's name each time. Go here, and read about it, there's a lot of help and explanation, and a list of all the names this virus is using.......http://www.symantec.com/avcenter/venc/data/w32.klez.h@mm.html#th reatassessment Best, Sam Suklis SS

----- Original Message ----- From: "wargs" wargs@Mac.com> To: "HaraRyoichi" rhara@mub.biglobe.ne.jp> Cc: mg-tabc@yahoogroups.com> Sent: Wednesday, April 17, 2002 11:19 PM Subject: Re: [mg-tabc] Virus with Strange Headings? > Rick, > Received same. Have Mac, did not compute! > Good luck! > David Lodge > > HaraRyoichi wrote: > > >Today, in only 90 minutes, I have received 4 e-mails with attachments and > >with some puzzling headings. Norton Antivirus did NOT alert me but my past > >bad experience DID tell me not to click even the message part and now I have > >read Sam Suklis' mail and am prepared now to delete all suspicious mails. > >Now the question: Which one got virus and which one is not? I think I > >should not preview the mail as it can activate an attachment to open > >automatically to spread the virus. > > > >1. ozniac Fw: MG-TABC japanese lass'se > >2. Hank insME W32 Kles E Removal tools > >3. yengis Some Questions > >4. info your password > > > >Will appreciate members help > >Thank you > > > >Rick Hara > >TC6903 > > > > > > > > > > > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > > > > > > > > > > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > >

[HaraRyoichi]

Thank you Bullwinkle, Charles, Dave, Klez, Thom, AJ and especially Sam for all helpful advice and info re bad mails. Seems I'm still getting the things like: 5. eeduno: Cbc,cbf 6. JERRYCIHAK: A very humour game 7. tc48td50: eager to see you What bothers me is that the regularly updated Norton did not alert me (maybe I had goofed during updating process) and that this virus is the type that even previewing (clicking) the title induces the attachment to open. Thank god I'm now accustomed to open my mails from bottom up and my PC no longer opens the mail brought up to the preview window automatically (this is important and I learned it hard way). It is a pity that there are people who feel satisfied by seeing others suffer. It is ugly. Regards Rick Hara TC6903

[HaraRyoichi]

Sam, I cannot open Norton There's something wrong about Integrator, so the message says I am trying to contact a friend who installed Norton for me last December. Meanwhile I keep deleting whatever I think suspicious mail so please excuse me if I did injustice unto innocent souls Rick

[tamata i valu]

Good-day Rick and fellow TABC'ers : I shall probably come under fire for this but here goes anyway . Looking over Rick's message has me a bit annoyed !! The item listed at # 7 , was the beginning of my old email address : ( tc48td50@ intergate.bc.ca ) , defunct now nigh on two years ! Its useage has made me very suspicious and speculative . Could an outsider ( or ex-member even ) be fiddling with old email addresses such as " tc48td50 " , or creating false ones etc. , because this person has some " lip-on " for our web ? I should hate to think , that someone would stoop as low , as to purposely set out to disrupt our net because of some personal vendetta ! However ; the wording , of Item # 7 , is a little too coincidental to my liking !! I may be right off the mark with this thinking , and I truly hope so , as I do not want to offend anyone's feelings , but I can assure you it is not this writer !! I have been alerted , by my Norton , of several viruses being held in Quarentine over the last week ( about 12 I recall ) which I just deleted ! For me , at least , this plot seems to be thickening . I reckon that is what over 30 years of not being surprised , at what others will do to others , does to you !!!!! Let us hope if any of the above is correct that these senseless hostilities cease ASAP . Cheers to all ; respectfully : Jack Emdall

----- Original Message ----- From: "HaraRyoichi" rhara@mub.biglobe.ne.jp> To: mg-tabc@yahoogroups.com> Sent: Thursday, April 18, 2002 2:07 PM Subject: Re:[mg-tabc] Virus with Strange Headings? > Thank you Bullwinkle, Charles, Dave, Klez, Thom, AJ and especially Sam for > all helpful advice and info re bad mails. > Seems I'm still getting the things like: > 5. eeduno: Cbc,cbf > 6. JERRYCIHAK: A very humour game > 7. tc48td50: eager to see you > What bothers me is that the regularly updated Norton did not alert me (maybe > I had goofed during updating process) and that this virus is the type that > even previewing (clicking) the title induces the attachment to open. Thank > god I'm now accustomed to open my mails from bottom up and my PC no longer > opens the mail brought up to the preview window automatically (this is > important and I learned it hard way). > It is a pity that there are people who feel satisfied by seeing others > suffer. It is ugly. > Regards > > Rick Hara > TC6903 > > > > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > >

[Chip Old]

On Thu, 18 Apr 2002, Sam Suklis wrote to HaraRyoichi and wargs:

> Hello Hara: ANY of your incoming "list" letters that have a paper-clip > next to the name,showing that an attachment is in the letter will be the > infected ones.

True only if he uses Microsoft Outlook or Outlook Express. Other mail programs use other ways of indicating the presence of file attachments.

> I'm having trouble understanding why some Norton AV's aren't responding > to it, as mine goes crazy. I'm guesssing some of the Norton's out there > aren't of the type configured to scan e-mail OUTSIDE the portal, before > it enters the computer.

Possibly, although most recent anti-virus programs scan incoming e-mail by default. In order for that not to happen, you'd have to intentionally turn e-mail scanning off. More likely is that they have failed to keep their anti-virus software up to date. That's the most common virus-related problem I have with my customers (I'm an ISP in real life). When you buy anti-virus software it includes a "virus description database" that includes all viruses known at the time the master copy of the installation CD was produced. Any new viruses that appear after that are not known to the anti-virus program, so will not be detected. You *must* use your anti-virus software's "update" feature on a regular basis to download and install the latest version of the virus description database. If you don't, your anti-virus software is virtually useless because it can't detect new viruses. The Klez.H worm that is currently causing so much trouble is very new (first detected only a couple of days ago), so chances are the anti-virus software on most MG-TABC members' PCs wasn't up to date enough to catch it. If I used a PC, because of the rapid-fire release of new viruses I'd run my anti-virus software's database at least once a week. On a Mac it isn't as critical because new Mac viruses appear very infrequently.

> This Virus mails itself over and over, and changes it's name each time.

The virus name is always Klez.H or some variation on that. What changes is the "Subject:" line of the message, the text (if any) of the message, and the name of the file attachment. Klez.H takes each of these from a built-in list which is so long as to make the Subject, text, and attachment name seem random. -- Chip Old (Francis E. Old) E-Mail: fold@bcpl.net Manager, BCPL Network Services Phone: 410-887-6180 Manager, BCPL.NET Internet Services FAX: 410-887-2091 Baltimore County Public Library 320 York Road Towson, MD 21204 USA