No announcement yet.

W32.Klez.H@mm Virus and other worms

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • W32.Klez.H@mm Virus and other worms

    I believe I have a virus, but I'm not absolutely sure. I run a website, and lately I notice I receive virus attachments coming from the email addresses of visitors on my site. Apparently, a bot is scanning the site for email addresses, and then forwarding on attachments by spoofing those addresses. Now, I have reason to believe that my own email is being spoofed to send these viruses. I thought it may have been the worm W32.Klez.H@mm because a return receipt I received from a visitor said their Norton AntiVirus had disinfected it. However, when I ran Norton's fix utility, the worm was not found. My question is as follows... does it sound as if my computer is infected and forwarding viruses on from my own computer? Or is someone managing to send virus attachments by spoofing my email? I'm not too sure what to do about this, because I can't think of any way to avoid these bots. Outlook's filtering abilities seem to be pretty nonfunctional as well.

    If anyone could give me some advice in regards to preventing these virus attachments from being sent from my email address, I'd appreciate it. Thanks ahead for any responses.

  • #2
    If you have the latest updates for the NAV program and it still shows you clean, then you most likely are. You should be aware that this "return receipt I received from a visitor" is one of the standard emails that come with the Klez worm attached to it. I receive them regularly along with scads more topics and messages. It's to the point that I'm ready to strangle all the folks out there who STILL haven't learned that you don't open attachments from strangers.
    Old age and treachery will overcome youth and skill
    My Toys

    Comment


    • #3
      Thanks.

      In addition to that though, I had someone email me who was really ticked off, claiming I sent them a virus... as in, it was sent by a human not an automated response. Can my email address be spoofed? I use Outlook Express 6, and I have my security set on high. I never download attachments (though those save/open windows pop up when some of these virus attachments come, I don't know if that could be problematic).

      I've been trying to figure how I can have the attachment removed from the email when I download my messages, so I get the actual email, but not the attachment (does that make sense?). Is there a way to do this in Outlook just so I can be safe?

      Appreciate the help.

      Comment


      • #4
        Take a look at some of the infected emails that are sent to you. You will find that in many cases, the name displayed as the sender will not be the same as the return path. Here's an example of an instance that has happened to me numerous times...

        I recieve an email and it says the name is "camwilmot" (as in the owner of this site) and has an infected attachment. Here's the catch, though. When I get real mail from Cameron, his name displays as Cameron "Mr.Tweak" Wilmot and not camwilmot. Also, when I right click the email and choose properties, I find on the second tab that the return path is completely different.

        Concerning the deletion of infected attachments, you can set up NAV to automatically try to fix the attachment, then quarantine and delete it if it can't fix it. This allows you to not have to physically acknowledge the deletion of the files. And as for reading them? Well, the message you get is the meessage in the email, and that is it. It will normally be nothing more than a couple of words or sentences.
        Old age and treachery will overcome youth and skill
        My Toys

        Comment


        • #5
          Oh, I didn't mean I wanted to read the emails with worms attached. I was hoping for a way to filter out all attachments in general with Outlook (I don't have NAV), while keeping the actual email message, in case someone is actually sending me something I need. That way, at least receiving the email, I can work out a way for that person to get me the attachment.

          As far as I can tell so far, Outlook only gives you the option to delete the entire message along with the attachment, which would take care of all the worm attachments, but then I'd never know if someone was actually sending me something I needed.

          I see what you mean about the return path though. Do you think removing my email address from the site would help to at least slow down the virus attachments I get? I'm thinking about putting up a perl script to have users email me. I'm not sure how much that would help... it would keep me away from bots, but I'm guessing the big problem is with the site visitors I email who have me in their address books, and open the worm themselves...

          Comment


          • #6
            How many of the new viruses get a new email address to replicate to is when it infects a machine, it scours the Temporary Internet Files directory for any HTML files cached. If it finds any email addresses listed on those pages, it sends viruses to them. Also, the Klez worm uses its own SMTP client, so Outlook will not register that your computer has sent a virus.
            What came first - Insanity or Society?

            Comment


            • #7
              I don't believe that there is a way to save the files since they can't be fixed. Besides, I haven't seen one yet that was a legitimate email messgae... just the infected file attachment, some cheesey intro line and sometimes a .pif that tries to automatically load the virus when I look at the email.

              Just kill them, they're useless.
              Old age and treachery will overcome youth and skill
              My Toys

              Comment


              • #8
                I must be explaining this poorly:-)

                I do want to get rid of all of them, and I've tried to do so by having outlook automatically delete all attachments. Doing that deletes all emails with attachments though, even ones I need. So if someone sends me an attachment with a word document that I need, I never know they sent it because the message is automatically deleted. I don't get any virus emails, but I don't get certain business ones either.

                Is there a way to filter out only the .pif/.exe attachments in outlook, so I can still get, for example, a word document that includes a resume that I need?

                Thanks for the help, much appreciated.

                Comment


                • #9
                  Sorry, I was misunderstanding your goal here.

                  You shouldn't have to tell Outlook to delete any attachments. Just use some sort of anti-virus program to dump the infected ones. If you aren't wanting to pay for one, then look around and you'll find any number of shareware virus protection utilities out there. If you don't have any sort of protection, then it's only a matter of time before you become the target of one that makes it through your careful use. Virii and worms are getting trickier with each incarnation that hits the Web. Careful use will only take you so far. :)
                  Old age and treachery will overcome youth and skill
                  My Toys

                  Comment


                  • #10
                    Gotcha, thanks for the help, appreciate it. I'll go find a virus program now:)

                    Comment


                    • #11
                      ya might wanna look into getting Zone Alarm firewall, one of the things it does is renames executable attachments so they cant be run. oh and its free :D

                      Comment

                      Working...
                      X