//www.freelists.org/webpage/Antivirus [FX]-----Original Message----- [FX]From: news@xxxxxxxxxxxxx [mailto:news@xxxxxxxxxxxxx] [FX]Sent: Thursday, May 16, 2002 3:19 PM [FX]To: news@xxxxxxxxxxxxx [FX]Subject: Virus News: Be ON Guard for a False Klez Fix [FX] [FX] [FX] [FX]Virus News. Thursday, May 16, 2002 [FX]****************************************************************** [FX] [FX]1. Be ON Guard for a False Klez Fix [FX]2. How to subscribe/unsubscribe [FX] [FX]**** [FX] [FX]1. Be ON Guard for a False Klez Fix [FX]An imitation cure for the Klez Internet worm has emerged. [FX] [FX]Kaspersky Labs, an international data-security software [FX]developer, warns [FX]computer users about a distribution by an unknown malicious [FX]person of [FX]the Trojan program "TrojanDownloader.Win32.Smokedown", [FX]which is hidden [FX]under the guise of a cure for the Klez Internet-worm. [FX] [FX]This malicious program was distributed via email. The [FX]infected message [FX]has an HTML format and harbors the following characteristics: [FX] [FX]Subject: You're under a serious threat! Message Text: Kaspersky Labs [FX]urging users to take the necessary measures to protect themselves [FX]against the mounting threat from the latest version of the [FX]Internet-worm [FX]Klez, most users lightly regarded the problem of securing [FX]their personal [FX]data, resulting in a global Internet virus epidemic. Over the past [FX]several days our technical support services have received [FX]over twelve [FX]thousand inquiries concerning Klez Internet worm infections. [FX] [FX]The sender is shown as "Kaspersky Labs" and the address shown is [FX]"support@xxxxxxxxxxxxx". In actuality the anonymous [FX]evildoer sent out [FX]this malicious program from a mail server located in [FX]Australia and the [FX]aforementioned sender information was deliberately falsified. [FX] [FX]The message body also contains a disguised Java script that [FX]imperceptibly loads the Trojan horse "Smokedown" from a [FX]remote server [FX]and installs it on the user's computer. To complete this [FX]the malicious [FX]code exploits a vulnerability in the Internet Explorers [FX]security system [FX]that was first revealed in March 2001 and described in the Microsoft [FX]bulletin found here: <http://www.microsoft.com/technet/security/bulletin/MS01-020.asp> [FX] [FX]The patch for this vulnerability can be downloaded from the [FX]following [FX]address: <http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp> [FX] [FX]At this time Kaspersky Labs has not registered actual contaminations [FX]from "Smokedown", regardless we recommend users proceed with extreme [FX]care if they receive an email containing the contents [FX]described above. [FX] [FX]The cure for "Smokedown" was included in the Kaspersky Anti-Virus [FX]database nearly a month ago. [FX] [FX] [FX] [FX]** [FX] [FX]2. How to subscribe/unsubscribe [FX] [FX]If you would like to subscribe to other Kaspersky Lab news [FX]blocks or [FX]to unsubscribe from this news block, you can do so by visiting [FX]http://www.kaspersky.com/subscribenow.html [FX] [FX]If you experience any problems with this procedure, please [FX]contact us at: [FX]news@xxxxxxxxxxxxx [FX] [FX]**** [FX] [FX]Best of Luck, [FX] [FX]Kaspersky Lab News Agent [FX] [FX]----- [FX]10 Geroyev Panfilovtcev St., Moscow, 123363, Russia [FX]Telephone./Facsimile: +7 (095) 948 43 31 [FX]WWW: http://www.kaspersky.com, http://www.viruslist.com [FX]FTP: ftp://ftp.kasperskylab.ru [FX]E-mail: info@xxxxxx [FX] to receive regular information on computer viruses //www.freelists.org/webpage/Antivirus