[antivirus] FW: Virus News: Be ON Guard for a False Klez Fix
- From: "Lim, Franciscus" <Franciscus.Lim@xxxxxxx>
- To: AntivirusClub@xxxxxxxxxxxxxxx, Cellular-Club@xxxxxxxxxxxxxxx,HackersCrackers@xxxxxxxxxxxxxxx, cybergals@xxxxxxxxxxxxxxx,cybergals89@xxxxxxxxxxxxxxx, gado-gado@xxxxxxxxxxxxxxx,Antivirus@xxxxxxxxxxxxx
- Date: Thu, 16 May 2002 17:46:22 +0800
//www.freelists.org/webpage/Antivirus
[FX]-----Original Message-----
[FX]From: news@xxxxxxxxxxxxx [mailto:news@xxxxxxxxxxxxx]
[FX]Sent: Thursday, May 16, 2002 3:19 PM
[FX]To: news@xxxxxxxxxxxxx
[FX]Subject: Virus News: Be ON Guard for a False Klez Fix
[FX]
[FX]
[FX]
[FX]Virus News. Thursday, May 16, 2002
[FX]******************************************************************
[FX]
[FX]1. Be ON Guard for a False Klez Fix
[FX]2. How to subscribe/unsubscribe
[FX]
[FX]****
[FX]
[FX]1. Be ON Guard for a False Klez Fix
[FX]An imitation cure for the Klez Internet worm has emerged.
[FX]
[FX]Kaspersky Labs, an international data-security software
[FX]developer, warns
[FX]computer users about a distribution by an unknown malicious
[FX]person of
[FX]the Trojan program "TrojanDownloader.Win32.Smokedown",
[FX]which is hidden
[FX]under the guise of a cure for the Klez Internet-worm.
[FX]
[FX]This malicious program was distributed via email. The
[FX]infected message
[FX]has an HTML format and harbors the following characteristics:
[FX]
[FX]Subject: You're under a serious threat! Message Text: Kaspersky Labs
[FX]urging users to take the necessary measures to protect themselves
[FX]against the mounting threat from the latest version of the
[FX]Internet-worm
[FX]Klez, most users lightly regarded the problem of securing
[FX]their personal
[FX]data, resulting in a global Internet virus epidemic. Over the past
[FX]several days our technical support services have received
[FX]over twelve
[FX]thousand inquiries concerning Klez Internet worm infections.
[FX]
[FX]The sender is shown as "Kaspersky Labs" and the address shown is
[FX]"support@xxxxxxxxxxxxx". In actuality the anonymous
[FX]evildoer sent out
[FX]this malicious program from a mail server located in
[FX]Australia and the
[FX]aforementioned sender information was deliberately falsified.
[FX]
[FX]The message body also contains a disguised Java script that
[FX]imperceptibly loads the Trojan horse "Smokedown" from a
[FX]remote server
[FX]and installs it on the user's computer. To complete this
[FX]the malicious
[FX]code exploits a vulnerability in the Internet Explorers
[FX]security system
[FX]that was first revealed in March 2001 and described in the Microsoft
[FX]bulletin found here:
<http://www.microsoft.com/technet/security/bulletin/MS01-020.asp>
[FX]
[FX]The patch for this vulnerability can be downloaded from the
[FX]following
[FX]address:
<http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp>
[FX]
[FX]At this time Kaspersky Labs has not registered actual contaminations
[FX]from "Smokedown", regardless we recommend users proceed with extreme
[FX]care if they receive an email containing the contents
[FX]described above.
[FX]
[FX]The cure for "Smokedown" was included in the Kaspersky Anti-Virus
[FX]database nearly a month ago.
[FX]
[FX]
[FX]
[FX]**
[FX]
[FX]2. How to subscribe/unsubscribe
[FX]
[FX]If you would like to subscribe to other Kaspersky Lab news
[FX]blocks or
[FX]to unsubscribe from this news block, you can do so by visiting
[FX]http://www.kaspersky.com/subscribenow.html
[FX]
[FX]If you experience any problems with this procedure, please
[FX]contact us at:
[FX]news@xxxxxxxxxxxxx
[FX]
[FX]****
[FX]
[FX]Best of Luck,
[FX]
[FX]Kaspersky Lab News Agent
[FX]
[FX]-----
[FX]10 Geroyev Panfilovtcev St., Moscow, 123363, Russia
[FX]Telephone./Facsimile: +7 (095) 948 43 31
[FX]WWW: http://www.kaspersky.com, http://www.viruslist.com
[FX]FTP: ftp://ftp.kasperskylab.ru
[FX]E-mail: info@xxxxxx
[FX]
to receive regular information on computer viruses
//www.freelists.org/webpage/Antivirus
Other related posts:
- » [antivirus] FW: Virus News: Be ON Guard for a False Klez Fix
