[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

virus?(ot) - ACT BEFORE MAY 6TH IF YOU GOT IT

Subject: virus?(ot) - ACT BEFORE MAY 6TH IF YOU GOT IT
From: amalventano1@comcast.net (Allyn)
Date: Fri, 03 May 2002 23:53:07 -0400
References: <F214uGWYPALOCn02sli0000b971@hotmail.com><3CD35651.E51C52BC@socal.rr.com> <00c301c1f31e$abdfe4b0$0200a8c0@Al>

doh, misspoke there, its NOT HARMLESS, sorry
Al

----- Original Message -----
From: "Allyn" <amalventano1@comcast.net>
To: "Kevin Collins" <kcollins1@socal.rr.com>; "the hitman" <vwscir88@hotmail.com>
Cc: <scirocco-l@scirocco.org>
Sent: Friday, May 03, 2002 11:49 PM
Subject: Re: virus?(ot) - ACT BEFORE MAY 6TH IF YOU GOT IT


> first, patch from MS to prevent oe from getting the virus:
> http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
>
> kevin,
> actually its very harmless, one dangerous variant of it does this:
>
> Payload: Disables common antivirus products
> Large scale e-mailing: Mails email adddresses found in local files, and Outlook and ICQ address
> books
> ***Modifies files: Overwrites files with zeros on the 6th of every odd numbered month (January,
> March, May, July, September, November)
>
> *****by the way, may 6th is in 3 days*****
>
> another variant does this:
>
> Payload Trigger: On the 13th of every un-even month or based on a random value
> Payload:
> Large scale e-mailing: Email all addresses in the Windows Address Book (WAB)
> ***Modifies files: Zero out the content of all files on all drives between C: and Z:
>
> how it gets your info/sends itself:
> This worm searches the Windows address book, the ICQ database, and local files for email
addresses.
> The worm sends an email message to these addresses with itself as an attachment. The worm contains
> its own SMTP engine and attempts to guess at available SMTP servers. For example, if the worm
> encounters the address user@abc123.com it will attempt to send email via the server
smtp.abc123.com.
>
> pretty nasty sucker, depending on the variant that you have
> Al
>
> Allyn Malventano, ETC(SS), USN
> 87 Rieger GTO Scirocco 16v (daily driver, 170k, rocco #6)
> 86 Kamei Twin 16V Turbo Scirocco GTX ('it has begun', rocco #7)
> 87 Jetta 8v Wolfsburg 2dr (daily driver, 260k, 0 rattles, original clutch, driveshafts, wheels :)
>
>
> ----- Original Message -----
> From: "Kevin Collins" <kcollins1@socal.rr.com>
> To: "the hitman" <vwscir88@hotmail.com>
> Cc: <scirocco-l@scirocco.org>
> Sent: Friday, May 03, 2002 11:32 PM
> Subject: Re: virus?(ot)
>
>
> > the hitman wrote:
> >
> > > i've been getting a ton of these emails that have topics like "hi honey" ..
> >
> > That's the Klez worm.  It's spreading rampantly right now.  Ignore whatever
> > shows as "from" - it can spoof origin email addresses out of other victims'
> > address books.  It's fairly harmless - you DO have some kind of antivirus
> > protection in place, I presume??
> >
> > --
> > Kevin Collins
> > Huntington Beach, CA
> > '86.5 16V 2.0
> > '00 Passat GLS 1.8T
> >
> > _______________________________________________
> > Scirocco-l mailing list
> > Scirocco-l@scirocco.org
> > http://neubayern.net/mailman/listinfo/scirocco-l
>
>
>
> _______________________________________________
> Scirocco-l mailing list
> Scirocco-l@scirocco.org
> http://neubayern.net/mailman/listinfo/scirocco-l

References:
- virus?(ot)
  - From: vwscir88@hotmail.com (the hitman)
- virus?(ot)
  - From: kcollins1@socal.rr.com (Kevin Collins)
- virus?(ot) - ACT BEFORE MAY 6TH IF YOU GOT IT
  - From: amalventano1@comcast.net (Allyn)

Prev by Date: virus?(ot)
Next by Date: virus?(ot)
Previous by thread: virus?(ot) - ACT BEFORE MAY 6TH IF YOU GOT IT
Next by thread: virus?(ot)
Index(es):
- Date
- Thread