Subject: Do not remove this copyright notice

thelawnguy

PlowSite.com Addict
Location
Central CT
Do not open any e-mail with this header as it contains a trojan (virus). The tricky part is that the return e-mail is from a well-respected LawnSite/PlowSite moderator...
 

Chuck Smith

2000 Club Member
Location
NJ
Well, it's me....

I ASSURE YOU I am not sending any viruses out. I posted in the plowing discussion this is a nasty virus, that forges headers. I just had it mailed to "me", by "myself".

drfplumbing sent it to me. Then, the virus forged my e mail address, and sent it to websitedesign@snowplowing-contractors.com, which is auto forwarded to my AOL address.

It just pisses me off that people can't take the time to update their virus protection!! :mad:

From what I can figure, the virus snagged my e mail addresses off my web sites. I have gotten this sent to me at least 15 times in the past week, to my "webmaster@" addresses, and my AOL address. I just tried to forward it to TOS Files@aol.com, and their mailbox is full (of this virus I am sure) :mad: :mad: :mad:

~Chuck



-------------------------------------
Subj: Worm Klez.E immunity
Date: 4/26/02 12:04:46 PM Eastern Daylight Time
From: csmith669@aol.com (csmith669)
To: websitedesign@snowplowing-contractors.com

File: border.zip (62292 bytes)
DL Time (49333 bps): < 1 minute

<HEAD></HEAD>

Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.


----------------------- Headers --------------------------------
Return-Path: drfplumbing@prodigy.net
Received: from rly-xa02.mx.aol.com (rly-xa02.mail.aol.com [172.20.105.71]) by air-xa05.mail.aol.com (v84.16) with ESMTP id MAILINXA54-0426120446; Fri, 26 Apr 2002 12:04:46 -0400
Received: from secure29.schmolie.com (secure29.schmolie.com [65.169.26.9]) by rly-xa02.mx.aol.com (v84.10) with ESMTP id MAILRELAYINXA29-0426120403; Fri, 26 Apr 2002 12:04:04 -0400
Received: from pimout2-int.prodigy.net (pimout2-ext.prodigy.net [207.115.63.101])
by secure29.schmolie.com (8.10.2/8.10.2) with ESMTP id g3QG3O210544
for websitedesign@snowplowing-contractors.com; Fri, 26 Apr 2002 09:03:24 -0700
Received: from Wudb (dialup-63.208.68.140.Dial1.Chicago1.Level3.net [63.208.68.140])
by pimout2-int.prodigy.net (8.11.0/8.11.0) with SMTP id g3QG3Oh226912
for websitedesign@snowplowing-contractors.com; Fri, 26 Apr 2002 12:03:24 -0400
Date: Fri, 26 Apr 2002 12:03:24 -0400
Message-Id: 200204261603.g3QG3Oh226912@pimout2-int.prodigy.net

From: csmith669 (csmith669@aol.com)
To: websitedesign@snowplowing-contractors.com
Subject: Worm Klez.E immunity
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=D62619hdf54g
 

nsmilligan

PlowSite.com Veteran
Location
Nova Scotia
W32Klez

This virus is spreading FAST! I had it mailed to me 6 times in the last 3 days, and our office had 6 infected e-mails this morning!
One of our webmail services hasn't been able to catch it in their filters. Make sure your virus protection is up to date!
 

Chuck Smith

2000 Club Member
Location
NJ
In all the above e mails of the virus in the other thread I started, I masked the actual sender's e mail address. NOT THIS TIME.

This is why it is important to read the HEADERS. You can clearly see the above virus was actually sent by drfplumbing@prodigy.net

If you don't see my classic signature, the e mail DID NOT come from me. For those of you who have not seen my sig, no matter what, I always sign my posts and e mails "~Chuck" since 1997...

~Chuck
~Chuck
~Chuck

Oh, and don't open any e mails with any attachment from "me" regardless of what the subject is, if it has an attachment.

This (as I mentioned before) virus exploits a flaw in MICROSOFT OUTLOOK, that by inserting a simple code in the text of the message, it automatically downloads and runs the attachment without the person who is reading the mail knowing!!!

Again, MICROSOFT released a patch to fix this flaw back in NOVEMBER 2001.

IF you use Outlook, go update it! Also, in addition to updating your virus protection software, try and update windows as well. The update "link" is right on your START MENU....

~Chuck


GRRRRRRRRRRRR :mad: :mad:
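
The header check described in the post above, as an added example that is not part of the original thread: Python code that compares the From domain with the Return-Path domain and walks the Received chain back to the earliest hop. The sample message is constructed with reserved example domains and addresses, and `analyze`, `domain` and `RECEIVED_RE` are names chosen here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (reserved example domains and documentation IP ranges),
# shaped like the forged message quoted in the thread: From names one person,
# while Return-Path and the earliest Received hop point somewhere else.
SAMPLE = """\
Return-Path: <sender@isp.example>
Received: from relay.host.example (relay.host.example [192.0.2.9])
\tby mx.mailbox.example with ESMTP id A1; Fri, 26 Apr 2002 12:04:04 -0400
Received: from out.isp.example (out.isp.example [192.0.2.101])
\tby relay.host.example with ESMTP id B2; Fri, 26 Apr 2002 09:03:24 -0700
Received: from Wudb (dialup-7.isp.example [198.51.100.140])
\tby out.isp.example with SMTP id C3; Fri, 26 Apr 2002 12:03:24 -0400
From: moderator <moderator@mailbox.example>
To: webmaster@site.example
Subject: Worm Klez.E immunity

body
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def domain(addr):
    # Domain part of an address header, lower-cased; "" if the header is absent.
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so the last one is the earliest hop.
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(" ".join(value.split()))
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "mismatch": bool(from_dom and rp_dom and from_dom != rp_dom),
        "first_hop": hops[0] if hops else None,
        "hops": hops,
    }

if __name__ == "__main__":
    r = analyze(SAMPLE)
    print(r["from_domain"], r["return_path_domain"], r["mismatch"], r["first_hop"])
```

Only the Received lines added by servers you trust are reliable; Return-Path and any Received lines below the first trusted hop are supplied by the sending side and can be forged as well.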
 

Chuck Smith

2000 Club Member
Location
NJ
I just got it sent to me again, from "a well respected moderator of Lawnsite/Plowsite" ....... Only it was a forged "from field" and the actual sender was the moderator.... which means his computer is infected. The headers match every other e mail I have gotten from him in the past.

You can read more about it here:

http://www.msnbc.com/news/741151.asp

Please people, update WINDOWS, and your virus protection programs!

You can get the Microsoft Outlook patch here:


http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

IF you use Outlook, PLEASE download the patch!

~Chuck :mad: :mad:
 

timm9

Senior Member
Location
Sierra's, Ca
Most viruses that are targeted at Outlook are designed to enter your address book and then send e-mails with the virus not only from the address book but also from anyone that has sent you e-mails and anyone that is "cc'd" in those e-mails. You can help the spread by going into your address book and adding a fake address like "AAAAA" so that it will halt in sending the first wave of outgoing forwards of the virus. This way even if you get it, it won't go after your friends and families. I have seen this work. The other thing you can do is get something other than Outlook and then uninstall Outlook Express.
 

BRL

PlowSite.com - Veteran
Location
Somerset, NJ
The "fix" that timm9 mentions only works on very few virus types. Most viruses, worms & trojans will still work around that perceived security measure. I don't have time right now to find & post the link that explains it, but trust me on this one. I have sent the link to Chuck & maybe he has it handy & can post it. This Klez virus has been around for a long time, so it is really funny that anyone would actually get it now, as the patches & virus protection updates to avoid it have been out for a long time. Oh well.
 
