Re: Rampant W32/Klez@MM virus
Matthew, on host
Thursday, May 2, 2002, at 15:21:39
Rampant virus (please read, Don, Washu, and Sakura) posted by Joseph on Thursday, May 2, 2002, at 14:50:52:
> Okay, today I got an email virus from two different emails... one was from Don the Monkeyman, and some random address, so, um, Don, could you disinfect your machine?
>
> I caught the virus right as I got it, but there's a possibility that it could've mailed itself to Washu and Sakura. So if you get any messages from "" with attachments, DELETE THEM. Don't even open them.
>
> Oh, and run a virus scan anyway, this thing is spreading like mad!
OK, point 1: This virus probably DIDN'T come from Monkeydude. When the virus sends itself out, it takes random names from the user's machine and generates "from" addresses from them. So it could have come from anyone with Monkeyman's email addy on file. Also, if you infect someone else, chances are they won't see it coming from your address.
Most of you probably know how to spot a virus, so I'll make this run-down brief.
The virus has an archive of part-sentences, and the subject and body are made of those. The body'll look rather poetic because of that. Example:
I wrote a new game. This is my first game. You are the first player. I hope you would enjoy.
The subject line is similarly chosen. The attachments are the real key, though. There will be two of them. One is the virus itself. Note that it can masquerade as an image and so will be auto-executed by older copies of Outlook and its kin. The other file will be from the sender's machine. So, Joseph, anyone you infected will have a copy of some .htm document or .jpg image or whatever taken from your machine. As an example, one of the ones I received was a Forum post from the sender's cache. For those interested, it was one of B-G's posts. Naturally, this is a Bad Thing as you not only infect other systems but also send out potentially private files.
As for payload, I have no idea what this virus actually DOES other than spread.
McAfee's virus data
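An added example, not part of the original post: a mail-side check for the attachment trick described above, where an executable is declared as an image so that older mail clients run it. The function name, the extension list, the inclusion of audio types and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows runs directly (assumed list, not taken from the post).
EXEC_EXTS = {".exe", ".scr", ".pif", ".bat", ".com"}

def suspicious_attachments(raw: bytes):
    """Return (filename, declared_type, reason) for each attachment whose
    declared media type disagrees with what the file actually is."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue  # containers and the inline body are not attachments
        declared = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name.lower())[1]
        is_media = declared.startswith(("image/", "audio/"))
        if is_media and payload[:2] == b"MZ":
            # "MZ" opens every DOS/Windows executable; no image starts with it.
            findings.append((name, declared, "executable header under media type"))
        elif is_media and ext in EXEC_EXTS:
            findings.append((name, declared, "executable extension under media type"))
    return findings

def build_sample() -> bytes:
    """Constructed message shaped like the one in the post: one disguised
    executable plus one harmless document lifted from the sender's disk."""
    m = EmailMessage()
    m["From"] = "someone@example.invalid"   # constructed; From is forged anyway
    m["To"] = "reader@example.invalid"
    m["Subject"] = "A new game"
    m.set_content("I wrote a new game. This is my first game.")
    # Inert bytes: only the two-byte MZ marker followed by padding.
    m.add_attachment(b"MZ" + b"\x00" * 62, maintype="image",
                     subtype="jpeg", filename="photo.jpg")
    m.add_attachment("<html><body>cached forum post</body></html>",
                     subtype="html", filename="post.htm")
    return m.as_bytes()

if __name__ == "__main__":
    for name, declared, reason in suspicious_attachments(build_sample()):
        print(f"{name}: declared {declared}, {reason}")
```

The check looks only at the attachment, not the sender, because the "from" address on these messages is forged and says nothing about which machine is infected.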