[Announce] Klez Virus hitting the mailing lists: Outlook users, please run a virus scan.

Terri Oda terri at zone12.com
Thu May 16 13:44:04 EST 2002 

In the past month or so, linuxchix has seen an increasing number of viruses 
sent to the mailing lists.  I've yet to see one actually get delivered to 
subscribers, but probably some have been sent privately to users.

So if you're a Windows user and particularly if you're an Outlook user, 
PLEASE RUN A VIRUS SCAN on your computer.

If you don't already have a virus scanner, you can do an online scan at 
http://housecall.antivirus.com/ right now, or download a trial copy of many 
virus scanners.  There is also a free scanner (not available free in 
Europe) at http://www.grisoft.com/html/us_index.htm.

You may not know if you're infected, so even if you haven't been noticing 
any strange behaviour, please do the listadmins a favour and scan 
anyhow.  It'll only take a few minutes out of your day, and can save me and 
many others a lot of trouble.

The particular virus we've been seeing is called Klez.  More information 
(including some free scanning and repair tools for windows users) can be 
found here: 
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html

However, the short version is that one of the variants of Klez changes the 
From: line to some address found in your address book.  Some of you may 
have gotten "Your post has been held for moderation" messages on posts you 
never sent, and some may have gotten messages that appeared to come from 
linuxchix but actually didn't.  Many people who are infected don't know 
because the replies aren't going to them.

If you're curious about who's actually infected, I recommend you look at 
the Return-path: header.  As far as I can tell, it contains the address of 
the real sender.  This can be useful if you want to tell the person that he 
or she is infected, since just hitting "reply" will likely just tell some 
innocent third party.

I haven't been keeping track of all the addresses, but here's a short list 
of people who may have sent at least one, typically more, viral messages to 
our mailing lists in the past few weeks:
	<montgomery at inbox.ru>
	<ILNORMAN at PRODIGY.NET>
	<jenkinsmarietta at panola.com>
	<obdjr01 at cox.net>
	<greens at cyberus.ca>
	<natbiron at sympatico.ca>
	<brolando at ciudad.com.ar>
	<kelzuliani at shaw.ca>
	<bnielsen at sympatico.ca>
	<fjodor_sel at mail.ru>
	<res0c583 at verizon.net>

If you have any questions or would like to let me know that you've fixed 
your computer so I can take your name off the list, please feel free to 
contact me.

  Terri

More information about the Announce mailing list