Klez, also the new Bugbear, propagate by sending itself to addresses in an
OE address book. They also spoof addresses by stealing them from an address
book and inserting them into the "from" field. They also steal subject lines
at random.
So it works out that the purported sender is never the real sender. This is
difficult, because then you cannot alert the real sender he has a problem.
This also means the old saw of "never open an attachment from someone you
don't know," meaning if it is someone you DO know it is probably okay, is no
longer true. My rule now, if the text message does not tell me explicitly
what is in the attachment, I do not open it. If I know the purported sender,
I will reply asking if he actually sent me something. Almost always (ONE
exception!) the answer was negative. Corollary to that -- never send an
attachment without explaining in the message text what it is. That is now
becoming basic netiquette.
The viruses also mix-and-match addresses. One I saw recently had the name of
someone I know in Washington state with the @ being the University of
Pennsylvania. The fellow in Washington has never had anything to do with
UPenn. The virus takes the first part and second part of various addresses
and mixes them to create new bogus addresses. Try to reply and the message
will bounce.
And this is why Klez has become so prevalent. Most other bigtime viruses I
got 2-3-4 times before it faded away. Being able to reply to someone, "You
send me a virus," helped shut them down. Can't do that with Klez, so I've
probably gotten it six dozen times now. Fortunately, my Norton snags it
every time. I've quit stressing over them and just treat them as spam.
*DELETE! unread*
Klez usually shows up with either nothing in the text field, or with a
message like "I just invented a new game/program/software, you are the first
to try it, hope you like it," or more recently that the attachment is
purported to be a Klez removal tool (it isn't., it is the virus itself).
None of the above is safe. If you need the removal tool, go to the Symantec
website and download it from there.
Bugbear is the same, with a twist. It spoofs real messages that it finds in
someone's e-mail storage. The very first Bugbear I got was exceptionally
cruel -- the message announced the two SCCA members who died on Flight 93.
But that also is the Bugbear clue -- the messages are old news. A friend got
one just this week that was e-mail between me and someone else (I forget
who) sent in 1996!
One thing that should be reassuring however -- while a virus e-mail message
may come to you via FOT, the virus itself cannot. This is because Team.Net
strips all attachments. You cannot even attach a cool photo and sent it to
FOT because of this, which both protects the subscribers and cuts down the
message bandwidth. Cool photos or websites, etc., have to be referenced with
a hotlink or a URL, not an attachment.
--Rocky Entriken
----- Original Message -----
From: <EISANDIEGO@aol.com>
To: <fot@autox.team.net>
Sent: Wednesday, November 13, 2002 12:13 PM
Subject: Virus Reported With A FOT Email From Me - Help Needed
> I have done both alive update followed by a complete Virus scan of
> both my computers in response to Bill Dentiger computer identifying an
email
> from me containing a virus. The email was apparently self generated since
I
> have not sent an email to Bill.
>
> Unfortunately, the scans did not identify a virus. Any suggestions?
>
> I have checked with a few others (non-FOTers) who are on my
computer
> address book. None have received. I am wondering if this apparent virus
> targeted the FOT list. Or selectively targeted TR3 racers...or selected
TR3
> racers who like Road America bratwurst...seriously, did many other FOTers
> received this infected email besides Bill?
|