
·
Registered
Joined
·
2,627 Posts
Discussion Starter · #1 ·
FYI:

I just got some weird e-mails last week from people of the rally community that were blank e-mails, but had an attachment to be opened. Also a rally community comrade sending an e-mail regarding the virus telling me to download the anti-virus program that they have and you will not get the bug. Well I thought it looked fishy and did not open the attachment and deleted the e-mail, plus the other weird e-mails that did not seem right coming from the people I know that e-mail me information regarding rallies or the rally that I am organizing presently.

Well... I just heard from a rally comrade that he just received an e-mail from a person he knows only from seeing his comments on specialstage.com, but does not know personally and wondered why he would e-mail him to tell him that a virus is out there and to be aware of this one, so he downloaded the program thinking this person was helping him out since he knew of this person like I said from specialstage.com, and he got the virus.

SO BE AWARE THERE IS SOMEONE KNOWING OF THE RALLY COMMUNITY THAT IS GETTING YOUR E-MAIL ADDRESSES AND USING YOUR NAME TO OTHER RALLY COMRADES TO MAKE YOU OPEN THE ATTACHMENT AND GET THE VIRUS. IF YOU OPEN IT...IT SAYS "HA HA YOU OPENED IT YOU GOT IT."

SO RALLY GUYS AND GALS BE CAREFUL...SOMEONE IS OUT THERE TRYING TO MAKE HAVOC AT YOUR EXPENSE! SO CHECK YOUR ANTI-VIRUS PROGRAM AND MAKE SURE IT IS UPDATED TO ANY NEWER VIRUSES THAT ARE OUT THERE.


Denise McMahon
P.S. Make sure to call your e-mail friend to ask if they really did send you an e-mail attachment or they should call you. I know it sounds like another process to have to do, but it will save you a lot of grief...or have some sort of code set-up between your e-mail senders and you that when an attachment has been sent. You know by that code it was truly from the person that you know before you open the attachment. Something to think about.
 

·
Marketing through Motorsports
Joined
·
1,385 Posts
Klez Gen Virus

Welcome to my "real job," fighting off this nasty sort of program.

What you're seeing is the KlezGen virus or a variation thereof....

This particularly malicious code walks through people's address books with its own mailer program and spoofs both the sender and the recipient addresses.

In other words it sends messages to people you know, pretending to be from someone else you know.

It also tries to disable your antivirus software.

It also finds addresses of other sorts, including from web pages you may have visited and from certain types of image types.

All in all, this is a disgustingly nasty piece of work.

----------------------
John Dillon       John @ WidgetRacing.com
            www.WidgetRacing.com
 

·
Registered
Joined
·
2,627 Posts
Discussion Starter · #3 ·
RE: Klez Gen Virus

Thanks John for your information. We need to help one another since there is someone out there who thinks this is cute to wreak havoc on the rally community right now. So be careful.
Denise McMahon
 

·
400 flat to crest
Joined
·
5,777 Posts
RE: Klez Gen Virus

Hey name names so some of us dinosaurs can be wary of certain people,
this whole e-world seems to be rife with seedy shifty laying sack of festering sheeet and I am generally suspicious of anybody remotely connected to it but it seems as though this crap works by people never saying "I got an email from my friend BOB which was infected...."

Maybe the Tree of Liberty must be periodically watered with the Blood of not Tyrants but cyber-punks dip sheeets.

John Vanlandingham
 

·
Registered
Joined
·
245 Posts
RE: Klez Gen Virus

The person may not have sent the "Klez immunity program" knowingly. I've seen that version of it show up in my inbox from several different addresses that I've never seen before. That leads me to think some clever programmer amused himself by figuring out how to get it to perpetuate itself that way, as in, making you think it's an anti-virus program. As far as I know, I don't have it on my 'puter as I've never opened one of these attachments, but always promptly deleted them. I'll see about updating my antivirus software all the same... Anyone know if it can get into your 'puter without you actually opening the attachment?


Nick
 

·
Registered
Joined
·
187 Posts
RE: Klez Gen Virus

The Klez virus uses a masking scheme to make it very difficult to determine who actually sent the message. It takes two addresses in your address book, sets the "TO:" to one address and sets the "FROM:" to another address in your book, thus it looks like someone who does not have the virus actually sent the message!

If you look in the message header for "return path" you will frequently find the actual sender of the virus.

Anyway, read more about the Klez.h virus (the most common at the moment) at the Symantec AntiVirus Research Center:
http://www.sarc.com/avcenter/venc/data/[email protected]

More than anything else, keep your virus protection updated AND your browser updated with the latest patches!

--Wayne
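
The header check described in the post above, as an added example that is not part of the original thread: it compares the displayed "From" address with the "Return-Path" header and reports whether they agree. The sample messages, addresses, and the function names `header_addr` and `check_sender` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every address here is made up.
SPOOFED = """\
Return-Path: <infected-pc-owner@isp.example>
From: "Rally Friend" <friend@rally.example>
To: you@rally.example
Subject: (constructed sample)

"""

GENUINE = """\
Return-Path: <friend@rally.example>
From: "Rally Friend" <friend@rally.example>
To: you@rally.example
Subject: (constructed sample)

"""

def header_addr(msg, name):
    """Lower-cased address from a header, or None if the header is absent or empty."""
    value = msg.get(name)
    addr = parseaddr(value)[1].lower() if value else ""
    return addr or None

def check_sender(raw):
    """Compare the displayed From address with the Return-Path header."""
    msg = message_from_string(raw)
    shown = header_addr(msg, "From")
    envelope = header_addr(msg, "Return-Path")
    if envelope is None:
        verdict = "no-return-path"   # header missing, or empty "<>" as on bounces
    elif shown == envelope:
        verdict = "match"
    elif shown and shown.rpartition("@")[2] == envelope.rpartition("@")[2]:
        verdict = "same-domain"      # different mailbox at the same domain
    else:
        verdict = "mismatch"         # the displayed sender did not hand off the mail
    return {"from": shown, "return_path": envelope, "verdict": verdict}

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```

A "mismatch" is a reason to look closer rather than proof of infection, since mailing lists and forwarding services also rewrite the Return-Path.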
 

·
Registered
Joined
·
187 Posts
RE: Klez Gen Virus

Some viruses, such as Nimda, are able to infect your machine if you use Outlook Express or Outlook as your email program AND have not applied the Internet Explorer Security Roll-ups. If you have applied the security roll-up for IE, then you probably are not going to catch Nimda unless you double click an attachment.

Klez, however, requires that you run the attachment in order to infect your machine.

Be careful about attachments and keep your browser and antivirus software updated!
 

·
Registered
Joined
·
186 Posts
RE: Klez Gen Virus

I had an odd little message supposedly from Sandman the other day. I use Netscape Navigator. I looked at the message, which was blank other than "I think you'll like this website", but saw no attachment. I've deleted it. Not being real up-to-speed on this kind of thing, did I infect my computer by just reading the email??? Thanks.
 

·
RE: Klez Gen Virus

I've gotten a bunch of Klez virus messages "from" all sorts of rally folks. I don't have one here to look at now, but I have examined the headers and they all had the same return path- something like rallytek or rallymech at intelli-something .com. Maybe I'll get one tonight and post the address to this forum.

I don't believe you can get Klez if you don't open the attachments, but some viruses you can get just by opening the main message. And note, if you use Outlook or Outlook Express and use the "preview" pane, *that* opens the message. I've turned my preview pane off for that reason.

Good luck,
Carl
 

·
Registered
Joined
·
187 Posts
RE: Klez Gen Virus

I believe that if you use Netscape for your email that you are probably ok. Most of these nasty viruses make use of Outlook which happens to make use of Internet Explorer to render HTML messages in the preview pane (and that is why it is important to also keep Internet Explorer updated as well).

In any case, if you don't have an antivirus program, go to a site like http://security2.norton.com/ssc/home.asp and select "scan for viruses". It will perform a free virus check for you.

There are also quite a few free anti-virus programs available. Here's one that's pretty good: http://www.grisoft.com/

--Wayne
 

·
Registered
Joined
·
229 Posts
One way to know it's got a virus in it before you even open it is by looking at the filesize. If it's about 121KB, might as well just delete it without looking.

-Andy
 

·
Registered
Joined
·
253 Posts
RE: Rally Computer Virus

I just received another copy of the virus. This is where it originated from, if anyone has any idea how to proceed from here?

DNS Lookup: Results

Lookup: name=68.68.29.142 type=ANY

Results: 142.29.68.68.in-addr.arpa domain name pointer ca-glendora-cuda2-c6a-b-142.arcdca.adelphia.net.

Bill
 

·
RE: Klez Gen Virus

Got another one last night, the "return-path" was different this time, but the "X-Apparently-From" was the same, RallyMech @ aol.com.

Most of my Klez emails appear to have originated from this account.

Carl
 

·
Registered
Joined
·
245 Posts
Someone remind me again why we all use MicroSquish products? Is it because of the "everybodies doin' it man!" syndrome? Sheesh.


Nick Polimeni
'71 Volvo 142E (daily driver/RallyCross)
Editor, Blue Mountain Region, SCCA
[email protected]
 

·
Registered
Joined
·
223 Posts
I personally use Microsoft, Linux, and OpenBSD. All have been compromised in one way or another. If I had a Mac, someone would break that too.

I don't own a Mac because I find them irritating like IKEA.
 

·
600 /CR !!! R2>
Joined
·
450 Posts
I just got the virus from someone else (not rally-related.) My Mac wasn't affected, as expected... ;)

Not to start a religious flame war over operating systems, but Mac OS X "fixed" all the annoyances of previous Mac systems and gives it what Linux users have craved for years -- the power of Unix (FreeBSD, to be specific) with an interface your grandmother could use...

Switch to a Mac! http://www.apple.com/switch/
"Who cares if there are 36,000 applications for Windows, when the 5 you want most are only available for Mac..."

--
JP Rowland jeremyrowland -at- mac.com
Visit my boring web page: http://homepage.mac.com/jeremyrowland
"Look unto me, and be ye saved, all the ends of the earth: for I am God, and there is none else." -- Isaiah 45:22
 

·
Faster Mabricator
Joined
·
3,611 Posts
RallyL email virus

There is also a virus sending rampant emails to rallyL. I believe they refer to it as the JENS LARSEN virus.:p
 

·
Registered
Joined
·
768 Posts
RE: RallyL email virus

- If you worry about a virus, and don't want to spend $ 9.95/year for Norton program, you can open your mail at www.mail2web.com
- This is handy when on the road
- They sponsor a race car as well!
 