Skip to main content
Topic: Time to check your computer for viruses (Read 16572 times) previous topic - next topic

Time to check your computer for viruses

Currently (April-May 2002) there is an E-mail virus going around. I believe it is a version of "klezmer". Several copies have arrived in my mailbox. This is not a problem for me, since my software zaps them. But since my E-mail address is used by very few people (including some NWC users), some of you may have the virus. I believe it propagates via Outlook.

The virus is disguised as a screen saver file, about 120K in size (extension *.scr). It usually propagates in E-mail by sending a message, with a picture, inviting the reader to click to go to a funny site. Clicking activates the virus. If you have recently read anything like that, you probably have the virus.

I'm not sure what the virus does, other than propagate itself, but it may have malicious activity. Now is the time to hunt it down.

 

Re: Time to check your computer for viruses

Reply #1
Any time is a good time to check your system for viruses, especially if you have not been doing so periodically.

We now get hundreds of infected e-mails each day, so there are a lot of people infected out there. We get all kinds, including several klez variants. The klez strains are some of the most irritating, since the e-mails that it sends out forge other people's identity in the from header (which it gets from the infected computer's address book), so the person identified as the sender is not even the one infected.

Re: Time to check your computer for viruses

Reply #2
I've been getting up to half-a-dozen a day lately also, and judging by the subject and sender it's mostly klez, but also others like magistr. What's interesting, though is that Netscape mail now apparently screens them, and even though I get the message, the attachment has been stripped... whether I go in through IMAP in the N6 mail client, or through http.

Now if only hotmail would do the same -- on the sending end. At least half of these virus emails are coming from hotmail accounts.

Re: Time to check your computer for viruses

Reply #3
PS - I even got one with the return address faked as NoteWorthy Online!

F

Re: Time to check your computer for viruses

Reply #4
"At least half of these virus emails are coming from hotmail accounts"

Yes, but are you sure of this? As I understand it, the klez variants have their own SMTP server built in, so any e-mail they send out have totally forged headers, making it nearly impossible for you to know the e-mail address of the actual infected user unless the file that it sends out contains private info from the infected user's PC, or you are a masterful packet sniffer.

more details...

Re: Time to check your computer for viruses

Reply #5
No, I'm not a master packet sniffer -- or master much of anything for that matter. :) I should have qualified my statement - a significant portion of the other viri (magistr, etc.) appear to be coming from hotmail.

Re: Time to check your computer for viruses

Reply #6
I've got klez on the brain (since we get so many). I should have understood what you meant.

Re: Time to check your computer for viruses

Reply #7
NoteWorthy Online wrote in https://forum.noteworthycomposer.com/?topic=2347.msg12965#msg12965:

<<The klez strains are some of the most irritating, since the e-mails that it sends out forge other people's identity in the from header (which it gets from the infected computer's address book), so the person identified as the sender is not even the one infected.>>

That is true, but in this case I believe that the e-mail address of the infected user is stored into the Return-Path field from header.

Re: Time to check your computer for viruses

Reply #8
Interesting. Thanks for the info.

Re: Time to check your computer for viruses

Reply #9
Indeed, the reason I raised it here is that I got an E-mail with "noteworthy" forged as the sender. But I knew it wasn't genuine (becuase a real E-mail from our sponsor is not sent as "noteworthy"). I supposed that some other NWC user had his or her mail list hijacked by the virus.


Re: Time to check your computer for viruses

Reply #11
I think the fore-mentioned Klezmer virus is carried by a clarinet/accordion combination.

Re: Time to check your computer for viruses

Reply #12
Oy Veh !!!

;-)

Re: Time to check your computer for viruses

Reply #13
I just got the Klez virus! Luckily I was in Yahoo mail, not Outlook. The virus was disguised as a tool to prevent it!

Re: Time to check your computer for viruses

Reply #14
P. S. Olivier was right, the infected user was in the return path.

Re: Time to check your computer for viruses

Reply #15
This virus is still going around. I get a couple of copies every weekend. Typical file size is now 126K. It is always disguised.

It seems that most e-mail viruses propagate via Outlook. At first, I thought that business computers (which often use Outlook as part of MS Office) were being hijacked to send out the virus on weekends, when nobody was around to see. But now I realize that the virus is probably being sent via Outlook Express, which is often automatically installed with Windows. The fact that the virus e-mails come on weekends, rather than during the business week, seems to imply that the propagating computers are used only on weekends. That would be the rare, casual user who is unlikely to have much by way of auxiliary software (such as antivirus programs).

In any case, somebody out there, with "noteworthy" and "marsu" in his or her Outlook e-mail addrress book, has the virus. If that sounds like you, check your computer.

I also get viruses that originate from a font listing.

Re: Time to check your computer for viruses

Reply #16
Once again... I get klez virus e-mail from someone who (judging from the fake sender addresses) is a NWC user. Whoever it is has the following in his or her address book: marsu, rmk, videomail. If that's you, please find a way to remove the klezmer virus from your computer.

Re: Time to check your computer for viruses

Reply #17
FYI: Judging by the hundreds of these we get each day, there is a lot more than one NWC user out there that is infected.

Re: Time to check your computer for viruses

Reply #18
Well, it's just that I thought musicians were <laughtrack> more sophisticated than that. </laughtrack>

Re: Time to check your computer for viruses

Reply #19
Well musicians who use Yahoo aprently are... it seems to filter it.

Re: Time to check your computer for viruses

Reply #20
Netscape also. It filters the attachment, but sends the "message" to let you know what would have happened IF...

Re: Time to check your computer for viruses

Reply #21
Indeed, my mail is filtered (and my computer would nuke klez, anyway). But until my response is verified, my e-mail service places suspect e-mails in quarantine. The quarantine uses up some of my space allocation. I imagine that establishments with more widely-circulated e-mail addresses are plagued by this.

The trouble with klex is that it gives a fake sender address. Once in a while, when a new virus circulates, I can say "Gosh, someone in Tanzania put me in an address book. I wonder why?" But with klez, all I know is that someone, somewhere, has me and a Tanzanian in the address book.

Re: Time to check your computer for viruses

Reply #22
Well, as Olivier wrote way back in https://forum.noteworthycomposer.com/?topic=2347.msg12977#msg12977, klez used to show the infected user in the return path. I e-mailed this infected user once and the virus has stopped for the most part, but now it seems to have remembered to change the return path. At any rate, if the return path is different, I would bet that that e-mail is the infected user...

P. S. to Noteworthy ... Nice new "Approved" button. Also, can I use your javascript to close a window for personal use off the WWW?

Re: Time to check your computer for viruses

Reply #23
Yes. Attaching the javascript:window.close action to an anchor tag, combined with the same attached to a graphic, seems to be handled by the largest variety of browsers.

Re: Time to check your computer for viruses

Reply #24
At this moment in time, it actually works too well in Mozilla/NN6/NN7, closing the entire window rather than just the selected tab. Good news - it's high priority for repair in Bugzilla, so I expect this will be addressed in the final release of NN7.

Re: Time to check your computer for viruses

Reply #25
I don't use the tabbed interface, so I did not notice this. Thanks for the report.

Re: Time to check your computer for viruses

Reply #26
... it actually works too well in Mozilla/NN6/NN7, closing the entire window rather than just the selected tab.

Fixed as of Mozilla 1.0.1, and in the final release version of NN7.0.

Re: Time to check your computer for viruses

Reply #27
Fixed as of Mozilla 1.0.1, and in the final release version of NN7.0.

huh? we didn't have Mozilla 1.0.1, did we? I thought it went 1.0, 1.1a, 1.1b, and now 1.1.

Anyway, Netscape also released Communicator 4.8. Why do they keep imporving their old product?

Re: Time to check your computer for viruses

Reply #28
No, the 1.0 branch is still being developed, and will probably continue for quite some time. The 1.1 trunk is being worked on simultaneously, but doesn't have the stability yet to warrant being "shipped" for developers to distribute. The roadmap helps to clarify this.

As to why they're still updating 4.x, I can only guess that it's for the benefit of owners of computers that don't meet the minimum requirements to run Mozilla-based builds. But that's just my guess...

Re: Time to check your computer for viruses

Reply #29
OK, I see what you mean. Now I remembered another Netscape question. A teacher wants to know, how do you disable the stupid "activation" in NN 6.2?

About Comunicator 4.xx, I would think that they plan to develop that up until version 5 so that the version numbers would appear not to be interupted. I don't know.

Re: Time to check your computer for viruses

Reply #30
A teacher wants to know, how do you disable the stupid "activation" in NN 6.2?

I'm pretty sure you can just cancel out of it. I go through with it because it allows integration of IMAP mail, IM, Netscape channels, stuff like that. Don't worry, they don't gather any personal information during this procedure, essentially they just assign you a profile directory key and register your screen-name for the various screen name services. I haven't gotten one bit of spam as a result.

About Comunicator 4.xx, I would think that they plan to develop that up until version 5

I wouldn't be so sure of that, the scuttlebutt on the Netscape newsgroup when NN6 came out was that they skipped V5 because IE was about to come out with IE6 and they wanted to beat them to the punch. The abomination that was NN6.0 was the result of this one-upmanship; that was a Mozilla alpha, not even a beta! I think they've learned their lesson, they've been very careful about the final release of NN7.0.

Hey wait... this is the Noteworthy forum. Oops, sorry. :-p

Re: Time to check your computer for viruses

Reply #31
Oh, that's where we are! Sometimes not having access to private newsgroups makes me halucinate!

Re: Time to check your computer for viruses

Reply #32
RE: netscape 6.2 activation:

Since I only work offline, I figured this out:

In the Netscape folder, look for activation.dll. Change the file name to xactivation.dll or whatever.

Apparently, Netscape looks for the dll when it starts; if it doesn't find it, it carries on without it!

I don't know if the above works on-line, but it probably does.