Had Your Dose of Klez Today? I HOPE Not!

[Golfgar4]

WOW! /w3tcompact/icons/shocked.gif We just got through fixing our computer after getting hit with the Klez(sp?)virus! All you computer Guru's out there probably know all about this thing, but this hacker (hey, that's a golf term too! /w3tcompact/icons/grin.gif) didn't know a thing about it, and obviously didn't know that our computer wasn't protected! /w3tcompact/icons/sad.gif

Last week, around Wednesday, my wife says that a really strange thing happened. She got a reply from one of our friends that her message she sent was not deliverable. /w3tcompact/icons/hmm.gif Well, I sent this guy an e-mail the day before, but how come the reply came to her e-mail address rather than mine? Maybe we'll get do some Sherlock Holming!! /w3tcompact/icons/grin.gif Nothing like a good mystery!

The next day, I get home from work and the wife says that she's getting all these e-mails from someone called MAILER-DAEMON. I ask her how many she received. She says 95 and they're still coming! /w3tcompact/icons/shocked.gif/w3tcompact/icons/shocked.gif

Oh, Oh! No more Sherlock Holming! The jig is up. We been <font color=red>VIRUSED!!</font color=red>

So we start talking about what we should do. I tell her that I'm going to hide out for awhile, 'cause yesterday I sent an e-mail with attachments to every Church Council member, both PAstors, and the church secretary. I've probably infected every last one of them. /w3tcompact/icons/sad.gif O.K. So I'll talk with the guys in IT tomorrow and get some guidance (hopefully the FREE kind! /w3tcompact/icons/wink.gif)

Well, I can't get a hold of any of them, so I figure I'll swing by the Office Max and look at some of the anti-virus software. On the way, I have to drop off some furniture at a local lawn & garden center that had been borrowed for the Parade of Homes. Well, well, one of the fellows I sent the e-mails to is working there part-time. He sees me walking in, and when he sees me he gets this look in his eyes like a bull seeing the red cape! after I calm him down a little, I expalin that I got infected too, and I didn't know that it had happened until after I'd sent the e-mail. Well, I sure am glad he believes in turning the other cheek, cause he did as he stomped away from me! /w3tcompact/icons/sad.gif/w3tcompact/icons/sad.gif

So, I find out later that evening that sure enough, everybody I sent the e-mail to has gotten infected. I'm feeling pretty low about it when it finally dawns on me! These people are no smarter than me, cause they didn't keep their virus protection up to date either!! /w3tcompact/icons/grin.gif Wow, I feel a whole lot better now.....well, as better as I could feel with my computer infected.

On Saturday I go and pick-up Norton SystemWorks and come home to start the process of cleaning things up. I run the disk like the manual says, without downloading the software, and it runs for 7 hours!! At the end, it says it didn't find any viruses!! /w3tcompact/icons/shocked.gif I DON'T THINK SO!! So, I call the tech. support number. This guys answers and I explain t my problem. he asks me if I've registered. I say no, I can't register until I load in the software, and I can't load the software because it'll get infected. He says, "Then I can't help you. If you're not registered, I can't do anything for you." /w3tcompact/icons/frown.gif/w3tcompact/icons/mad.gif/w3tcompact/icons/shocked.gif I say, no you don't understand, I WANT to pay you guys money, but I don't want to corrupt your software. He says Sorry, and hangs up! /w3tcompact/icons/mad.gif/w3tcompact/icons/mad.gif/w3tcompact/icons/mad.gif

So I say the H_ _ _ with it and load in the software. Once that's done, I go out to their website and download all of their updates, which downloaded successfully - according to their software. Now I go to run the virus check, and a message pops up telling me that there is no virus software, and oh, by the way, the rest of the Norton software is corrupted! Have A Nice Day! I said F _ _ _ this S _ _ _ and went and played golf!

The next day, my wife tells me she went to the Norton website and found a FREE download that would find viruses and tell you how to get rid of them. She downloaded it, and found that we had 78 files infected. She cleaned the files, downloaded the Norton Software again, and voila - it all works! /w3tcompact/icons/blush.gif/w3tcompact/icons/mad.gif/w3tcompact/icons/frown.gif/w3tcompact/icons/hmm.gif

I'm going to play MORE golf!! /w3tcompact/icons/crazy.gif

 

[njrqs]

Gazza

Thet Klez virus has been hanging around for sooooooo long now.

I use Norton and it picks up a message from someone I don't know at least once a week now and has done so for months.

A real pain.

Go the golf !!!!!!

 

[Alan L.]

Klez is a bad boy. Our mailserver at work is picking up 10 or 12 a day. It managed to infect McAfee on my home laptop while it was up to date and running. I downloaded a Klez fixit utility and finally corrected the problem.

Klez is one of those viruses you can get without even opening an attachment.

 

[Dob]

Yutz! I get an average of 3 a day, klez's that is.
Between zonealarm & mcafee, no penetration... yet.

 

[cstocks]

I had Norton Antivirus several years ago... until a virus designed to attach itself to Norton bit me. Cleaned out the virus and uninstalled Norton after that.

I currently have McAfee but it is always disabled because it makes my computer crash. Lot of good that does me, huh? Fortuately my ISP has virus protection and I have not picked up any cockydoody viruses in a while. My ISP virus protection has caught a few in the past year so I guess it works pretty good.

Good thing you have a clever wife to exorsize those Daemons out of your computer!/w3tcompact/icons/laugh.gif

 

[Hank]

<font color=blue>Our mailserver at work is picking up 10 or 12 a day</font color=blue>

Consider yourself lucky! Not counting the ones I am blocking because the domain or IP address is a known offender, our email server is receiving hundreds of Klez messages a day.

Almost all of these are coming into our "generic" email boxes, such as webmaster@mentalhealth.org, or info@health.org, ones like those. Each of those boxes is receiving dozens a day. It is not unusual for me to observe the size of one of those boxes at 20-30MB early in the morning, before the staff gets here and downloads them.

As a result, we are in the process of taking those boxes off line entirely, substituting a web-based email form instead.

Our Norton Corp. Edition handles the Klez's just fine, but they sure are a nuisance.

 

[Egon]

We had that lovely little program appear also. A call to our server gave us the access to a free download to eliminate the virus. Fortunetly only a few files were destroyed. We now have Norton installed with auto updates.
Egon

 

[Golfgar4]

<font color=blue>"Good thing you have a clever wife to exorsize those Daemons out of your computer!"</font color=blue>

You're right, Chris. If she weren't so clever, I'd would've missed at LEAST 2 rounds of golf! /w3tcompact/icons/laugh.gif

So far the Norton anti virus we downloaded seems to be catching everything. We also have the auto update service. I sure hope Norton can keep up with all these goofy things that are being sent.

I didn't even know the ISP could have a level of protection. I'll have to contact them and see why theirs didn't pick it up. Thanks for the tip. /w3tcompact/icons/wink.gif/w3tcompact/icons/smile.gif

 

[Alan L.]

We use Norton Corp Edition, but unfortunately we don't use Microsoft Exchange, but rather Mailsite by Rockliffe. NCE won't work for Mailsite, although it protects the regular fileserver and the mailserver itself. With Mailsite, it has an F-Secure engine that seems to catch the Klez's now, but was having trouble until I upgraded a couple of times. It updates the definitions hourly. So far, so good.

If these people are smart enough to create the viruses and a way to infect systems, they should be smart enough to do something useful instead.

 

[Hank]

<font color=blue>If these people are smart enough to create the viruses and a way to infect systems, they should be smart enough to do something useful instead.</font color=blue>

I couldn't agree more. I see them as sort of cyber-vandals, like the kids who would key your car just because it's there.

Oh well, it gives me something (else) to do. I actually derive a subtle pleasure from blocking out entire blocks of IP numbers, so they cannot send mail to us (more the spammers than the virus folks, but there is little difference between the two in my mind).

 

[kevincook]

I always thought it would be a good idea to recruit these people and put them to work for the good guys! How about we have them track down the terrorist's websites and e-mail and knock them right off the internet. As soon as they take care of that we can have them take the spammers out!

 

[patrickg]

GOLFGAR Always but always practice SAFE COMPUTING! I too have Norton System Works, and it seems to do a good job. I especially like the automatic online virus updates. Otherwise virus software gets obsolete so fast. You need the constant updates. I let it scan my outgoing mail as well just to be sure I don't do a "typhoid Mary" like you did.

I can recall when "hacker" was a good thing to be recognized as but like so many other terms it gets ruined by the rush to use new terminology enjoyed by the press and a fair number of common folk who also misuse terms till their communicative content is destroyed or the term is essentially redefined.

Patrick

 

[Golfgar4]

<font color=blue>"Always but always practice SAFE COMPUTING!"</font color=blue>

Patrick, I couldn't agree with you more! Unfortunately, I thought I was practicing safe computing./w3tcompact/icons/blush.gif My biggest mistake was that I didn't periodically check what my anti-virus software was doing (or not doing)! I think that when we changed ISP's, our anti-virus didn't get brought along or updated. I guess I should've asked them about some Firewalls, etc, but I didn't. /w3tcompact/icons/sad.gif

And yes, now I scan everything. Incoming and outgoing!

As far as a being a "hacker", I realized a short while after posting this that I'm certainly NOT a hacker, other than on the golf course! /w3tcompact/icons/wink.gif For me, you could replace the word "hacker" with the word "Dufus"! /w3tcompact/icons/laugh.gif/w3tcompact/icons/laugh.gif

 

[Dob]

Kevin, they do recruit them - some of the highest paid computer security specialsist are hackers. I have a friend that works freelance in that field. He was not a hacker, but has had to "become" one. He has a great deal of fun trying all day to penetrate his company's sites, and he gets to "run with" the "pro" malicious guys.
I challenged him once to hack me, I use zonealarm in **** retentive mode. I gave him all but the last 4 digit of my IP, he could not get in...
But as Steve Gibson says, "just becasue I can't do it (hack you) today, does not mean I can't do it tomorrow." Stay up to date. I have my av set to auto update, but I check once or twice a day. I have not skipped/missed an update in over a year.
Dob

 

[beenthere]

Re: Had Your Dose of ?

Well I am a fool then, or I got fooled. I had Norton Anti-Virus running, and updating. Somewhere along the line (I faintly recall loading some software that requested I shut down any anti-virus protection to load properly) I didn't have the protection, and managed to get the virus. The virus disabled the Norton program, such that I couldn't run it and had to buy a new copy. Then the list of guru type things that have to be done to successfully (maybe that is impossible) remove the virus is another headache. I still get several e-mails a day that are suspect and have a file attached, which I delete and remove from my trash bin. For a couple months my provider was sending me an e-mail two to three times a day saying they had caught a file with a virus and they deleted it. If I wanted more information, then I was to not reply to this message, but instead I was to open a site attached. Turns out this was not the provider, but the virus sending this message. And if the site was opened, the virus was in.
I've considered buying a computer just for internet connection, so only that computer could be trashed with a virus. As it was, many unrelated programs were wiped out and had to be reloaded.
So I fit the 'fool' designation. Hopefully I won't be a fool anymore (but I doubt that I won't be one doing something else).

 

[patrickg]

Golfgar, I have the greatest respect for folks who let a good walk be spoiled by fussing with a little ball over and over and over and have the intestinal fortitude to continue. I think golf rates right up there just under sailing (the art of slowly going nowhere at great expense while getting violently ill). I have lots of pastures to stroll in with no danger of being hit by an errant ball but you do have to pay more attention to your footing to avoid stepping in something unpleasant.

I don't know if I am OVERINSURED but I pay my ISP $1 a month to filter viruses in my incoming traffic and I run my computer as if I had no ISP protection. I use Norton anti-virus coming and going as well as most of the other Norton utils just trying to keep this evil minion of Bill Gates from totally wasting my time and electricity.

Why couldn't the world have done something sane, ignored big blue, selected a rational OS (UNIX) and a superior microprocessor architecture (Motorola 68K) and made life so wonderful, rational, straight forward? For all the "just regular folks" in need of good GUI there is LINUX or equivalent to wrap around UNIX so you don't have to grep, awk, or sed.

Oh well, back to reality and not being able to print out designs from my architecture design software.

Patrick

 

[Golfgar4]

<font color=blue>"I have the greatest respect for folks who let a good walk be spoiled by fussing with a little ball over and over and over and have the intestinal fortitude to continue."</font color=blue>

/w3tcompact/icons/laugh.gif/w3tcompact/icons/laugh.gif That's a GREAT comment Patrick! Did you hear about the Japanese fellow that came here on business for 6 months? His American co-workers wanted to show him all aspects of American life, so one day they took him golfing. That evening, he was writing a letter to his wife. He said, "They have the strangest game here. They hit a little ball all around a big field with a metal stick. They call the game Oh S_ _ _ !" /w3tcompact/icons/laugh.gif

After this lesson with this virus, I have now got similar insurance through my ISP. and I know what you mean about these operating systems. I don't need to know how to do everything - heck, I bought the doggone thing to do EVERYTHING for me! In fact, I don't want to know everything. Just let me turn it on, visit the sites I want to visit, write the letters I want to write, etc., etc.

And today, just before I left the office, we recieved a message from IT warning that a <font color=red>NEW</font color=red> virus had just been discovered on Monday. I think the name was Bearman/Tenemal (or something like that). It's supposed to be a nasty one that gets in and steals all of your passwords and then starts sending some realy nasty stuff. I checked our Norton updates, and we're supposedly up to date with everything. /w3tcompact/icons/crazy.gif We'll see.

 

[looch]

Had a neat one at work yesterday - Bugbear@mm. We're running Norton Corporate edition which includes desktop client software, server software, a management console, and protection for Exchange. We also have an smtp proxy on our firewall that strips certain types of attachments regardless if they're infected or not. The one thing that we have very little control over is web-based e-mail. One of our laptop users connected to Hotmail and opened up an attachment. Really fun - it sent a binary file to all of our networked printers, wasting about 20 lbs of paper.