I've learned a little about the Klez virus and its variations, and I know that I've received a number of e-mails containing it, but I've never gone past the warning saying that the message contains FRAMES that could be harmful to my computer...
Recently I received an e-mail from [email]RAV@packetstorm.filefront.com[/email]... it looked like this:
From: [email]RAV@packetstrom.filefront.com[/email] To: (My E-Mail) CC: [email]Contact@filefront.com[/email] Subject: RAV AntiVirus scan results
RAV AntiVirus for FreeBSD i386 version: 8.3.2 (snapshot-20020109) Copyright (c) 1996-2001 GeCAD The Software Company. All rights reserved. 1 more days to evaluate. Running on host: packetstorm.filefront.com
----------------------- RAV Antivirus results -----------------------
The infected file was saved to quarantine with name: 1029676130-RAVg7ID8nf05102. The file (part0000:)->(IFRAME0) attached to mail (with subject:Jul 3 2002 19) sent by [email]firstname.lastname@example.org[/email] to [email]email@example.com[/email], is infected with virus: HTML/IFrame_Exploit*. Cannot clean this file. The file was successfully deleted by RAV AntiVirus. The file (part0001:Jul 3.bat) attached to mail (with subject:Jul 3 2002 19) sent by [email]firstname.lastname@example.org[/email] to [email]email@example.com[/email], is infected with virus: Win32/Klez.H@mm. Cannot clean this file. The file was successfully deleted by RAV AntiVirus. ------------------------ this is a copy of the e-mail header:
Received: from logs-tk.proxy.aol.com (logs-tk.proxy.aol.com [18.104.22.168]) by rly-ip01.mx.aol.com (v83.35) with ESMTP id RELAYIN1-0818090823; Sun, 18 Aug 2002 09:08:23 -0400 Received: from Ecikxfw (AC94BB06.ipt.aol.com [22.214.171.124])
Scan engine 8.7 () for i386. Last update: Thu Jun 27 05:44:53 2002 Scanning for 69283 malwares (viruses, trojans and worms).
To get a free 60-days evaluation version of RAV AntiVirus v8 (yet fully functional) please visit:
I'm not sure why I would receive this, aside from the fact that I have replied to some messages from people I do not know with an e-mail saying "who are you" or something like that. If the Klez virus was in an e-mail from someone at filefront and I didn't know who that person was, I may have replied with "who are you."
I was wondering why I would receive this message, and if it's because I could possibly be infected with the virus. From what I've read, it seems that the virus uses a vulnerability in Outlook to execute in the Preview Pane without being prompted. I don't use Outlook, so I'm hoping that viewing an e-mail with the virus will not affect me. Any help would be greatly appreciated.
For more information on the virus, visit: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/klez-h.asp
Yeah the Klez virus really stinks. :(