Klez Virus -1 reply

NickdeClaw

Slightly cooler than a n00b

50 XP

16th June 2002

0 Uploads

41 Posts

0 Threads

#1 16 years ago

I've learned a little about the Klez virus and its variations, and I know that I've received a number of e-mails containing it, but I've never gone past the warning saying that the message contains FRAMES that could be harmful to my computer...

Recently I received an e-mail from RAV@packetstorm.filefront.com... it looked like this:

From: RAV@packetstrom.filefront.com
To: (My E-Mail)
CC: Contact@filefront.com
Subject: RAV AntiVirus scan results

RAV AntiVirus for FreeBSD i386 version: 8.3.2 (snapshot-20020109)
Copyright (c) 1996-2001 GeCAD The Software Company. All rights reserved.
1 more days to evaluate.
Running on host: packetstorm.filefront.com

----------------------- RAV Antivirus results -----------------------

The infected file was saved to quarantine with name: 1029676130-RAVg7ID8nf05102.
The file (part0000:)->(IFRAME0) attached to mail (with subject:Jul 3 2002 19) sent by nickdeclaw@msn.com to contact@filefront.com, is infected with virus: HTML/IFrame_Exploit*.
Cannot clean this file.
The file was successfully deleted by RAV AntiVirus.
The file (part0001:Jul 3.bat) attached to mail (with subject:Jul 3 2002 19) sent by nickdeclaw@msn.com to contact@filefront.com, is infected with virus: Win32/Klez.H@mm.
Cannot clean this file.
The file was successfully deleted by RAV AntiVirus.
------------------------
this is a copy of the e-mail header:

Received: from logs-tk.proxy.aol.com (logs-tk.proxy.aol.com [152.163.206.132]) by rly-ip01.mx.aol.com (v83.35) with ESMTP id RELAYIN1-0818090823; Sun, 18 Aug 2002 09:08:23 -0400
Received: from Ecikxfw (AC94BB06.ipt.aol.com [172.148.187.6])

Scan engine 8.7 () for i386.
Last update: Thu Jun 27 05:44:53 2002
Scanning for 69283 malwares (viruses, trojans and worms).

To get a free 60-days evaluation version of RAV AntiVirus v8 (yet fully functional) please visit:

http://www.ravantivirus.com

I'm not sure why I would receive this, aside from the fact that I have replied to some messages from people I do not know with an e-mail saying "who are you" or something like that. If the Klez virus was in an e-mail from someone at filefront and I didn't know who that person was, I may have replied with "who are you."

I was wondering why I would receive this message, and if it's because I could possibly be infected with the virus. From what I've read, it seems that the virus uses a vulnerability in Outlook to execute in the Preview Pane without being prompted. I don't use Outlook, so I'm hoping that viewing an e-mail with the virus will not affect me. Any help would be greatly appreciated.

For more information on the virus, visit: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/virus/alerts/klez-h.asp
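An added example, not part of the original thread: a small Python parser for the scanner notice quoted in post #1. It pulls out each reported finding and the hosts named in the copied Received headers, so the sender address the scanner reports can be compared with the relays the message passed through. The sample text is the notice's own lines re-wrapped one record per line; the function and field names are illustrative.

```python
import re

# Sample input: lines of the notice quoted in post #1, re-wrapped one record per line.
NOTICE = """\
The file (part0000:)->(IFRAME0) attached to mail (with subject:Jul 3 2002 19) sent by nickdeclaw@msn.com to contact@filefront.com, is infected with virus: HTML/IFrame_Exploit*.
The file (part0001:Jul 3.bat) attached to mail (with subject:Jul 3 2002 19) sent by nickdeclaw@msn.com to contact@filefront.com, is infected with virus: Win32/Klez.H@mm.
Received: from logs-tk.proxy.aol.com (logs-tk.proxy.aol.com [152.163.206.132]) by rly-ip01.mx.aol.com (v83.35) with ESMTP id RELAYIN1-0818090823; Sun, 18 Aug 2002 09:08:23 -0400
Received: from Ecikxfw (AC94BB06.ipt.aol.com [172.148.187.6])
"""

# One scanner finding: MIME part, attachment name, reported sender, recipient, detection name.
FINDING = re.compile(
    r"The file \((?P<part>part\d+):(?P<name>[^)]*)\).*?"
    r"sent by (?P<sender>\S+@\S+) to (?P<rcpt>\S+@[^\s,]+), "
    r"is infected with virus: (?P<virus>\S+?)\.(?=\s|$)")

# One copied Received header: HELO name, reverse-DNS name and IP of the connecting host.
HOP = re.compile(r"Received: from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[\d.]+)\]\)")


def domain(host):
    """Last two labels, lower-cased (naive: ignores suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyse(notice):
    """Return the findings, the Received hops, and whether the sender domain appears among them."""
    findings = [m.groupdict() for m in FINDING.finditer(notice)]
    hops = [m.groupdict() for m in HOP.finditer(notice)]
    claimed = {domain(f["sender"].rsplit("@", 1)[1]) for f in findings}
    relays = {domain(h["rdns"]) for h in hops}
    return {
        "findings": findings,
        "hops": hops,  # headers are prepended in transit, so hops[-1] is the earliest hop
        "claimed_domains": claimed,
        "relay_domains": relays,
        "sender_matches_relays": bool(claimed & relays),
    }


if __name__ == "__main__":
    report = analyse(NOTICE)
    for f in report["findings"]:
        print(f"{f['part']} {f['name'] or '(inline)'}: {f['virus']} reported from {f['sender']}")
    first = report["hops"][-1]
    print(f"earliest hop: {first['rdns']} [{first['ip']}] (HELO {first['helo']})")
    print("sender domain seen in relay path:", report["sender_matches_relays"])
```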




Yoda's Apprentice

GF makes me horny

50 XP

18th August 2002

0 Uploads

93 Posts

0 Threads

#2 16 years ago

Yeah the Klez virus really stinks. :(