Re: worm powders

From: Tim O'Connor <oconnort@nyu.edu>
Date: Wed Aug 14 2002 - 18:56:31 EDT

On Wed, Aug 14, 2002 at 08:44:31PM +0100, Scottie Bowman wrote:
 
> Tim is your only man in a situation like this ... but has
> anyone else been having trouble with that little bastard
> Worm Klez?

Howdy, sir. Sorry to be so late with my answer -- I've been (almost
literally) tied up with an insipid amount of work today.

So far, I have not seen a single infested message make it to the list
under your name. So, we have been lucky. I don't think that the
system that hosts the lists has virus-filtering as one of its features
(it tends to be expensive for a large-scale operation), but where I
**work** does flag infected messages. And since I get one safety copy
of list mail sent to a work account, then I would be notified if your
infected machine tried to send an infected message to the list. And
happily, that has not happened.

The damned Klez worm is persistent, however.

There is a writeup at the site of one of the antivirus vendors, which
makes a tool available at no charge to remove the thing when or if the
antivirus software itself is ineffective.

I checked just now and that page is active and answering and such. It
can be found here (all one long line):

securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

I have been told by many half-driven-mad people that this tool and the
advice are both effective, so you might want to give it a chance.
Even if your machine is already clean, then it won't do any harm to
try it. If you're NOT cleaned, then this should do the trick. And of
course you can then send it on to other places with which you
correspond.

If it makes you feel better, none of the infected stuff has come
through to the heming-l list. Though <insert evil grin> you might
well regret that....

Please let us (or me, privately; it's your choice) know how you fare
with this thing. I'm sorry to see you get snagged by it.

> He's been wreaking havoc with my stuff, sending poison
> under my name to strangers, aborting transmissions &
> suppressing, for example, quite a nice note about Rupert Brooke
> which I tried on several occasions to post to the list but
> without success.

Yes, it will harvest addresses from your address book(s) and send
infected mail to them; will harvest addresses from your web browser's
cache and attempt to infect them; and attempt to infect other sites as
you visit them with your browser. I've heard many horror stories,
many of which appear to be true.

The thing also seems to start up a Klez process that runs on its own
as well.

This has attacked the PC world -- Mac users are so far safe against
this particular one. So far.

Klez has wreaked havoc on a huge scale among people everywhere. I
can't recall how many tens of thousands of infected messages our
servers at work have caught and defanged, but it's been enormous.

> Then, Norton to the rescue. Almost three hundred files
> infested! Or maybe this is standard once the rot sets in?

Yes, it's pretty invasive -- lots worse than a tapeworm! And, as I
said, not all the antivirus software does the job. So, there are
other tools as well by Symantec and other vendors to try to do more
thorough cleaning than plain antivirus software can do.

It's a headache, but if it means anything, we're on your side out here
and pulling for you to clean up with success. You can contact me
privately or publicly if you wish, should you have questions. I'm
always happy to do what I can to assist. I'm working from a Unix
machine, and none of these viruses mean anything to this type of system.
I just look at the chaos and shake my head sadly....

Cheers,

--tim

Received on Wed Aug 14 18:56:35 2002
