HackfixNews: Be ON Guard for a False Klez Fix

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: hackfixnews@xxxxxxxxxxxxx
  • Date: Thu, 16 May 2002 20:52:41 -0700

Be ON Guard for a False Klez Fix
An imitation cure for the Klez Internet worm has emerged.

Kaspersky Labs, an international data-security software developer, 
warns computer users about a distribution by an unknown malicious 
person of the Trojan program "TrojanDownloader.Win32.Smokedown", 
which is hidden under the guise of a cure for the Klez Internet-worm.

This malicious program was distributed via email. 
The infected message has an HTML format and harbors the following 

Subject: You're under a serious threat! Message Text: Kaspersky Labs
urging users to take the necessary measures to protect themselves
against the mounting threat from the latest version of the 
Internet-worm Klez, most users lightly regarded the problem of 
securing their personal data, resulting in a global Internet virus 
epidemic. Over the past several days our technical support services 
have received over twelve thousand inquiries concerning Klez 
Internet worm infections.

The sender is shown as "Kaspersky Labs" and the address shown 
is "support@xxxxxxxxxxxxx". In actuality the anonymous evildoer 
sent out this malicious program from a mail server located in 
Australia and the aforementioned sender information was 
deliberately falsified.

The message body also contains a disguised Java script that
imperceptibly loads the Trojan horse "Smokedown" from a 
remote server and installs it on the user's computer. 
To complete this the malicious code exploits a vulnerability in 
the Internet Explorers security system that was first revealed in 
March 2001 and described in the Microsoft bulletin found here:

The patch for this vulnerability can be downloaded from the 
following address:

At this time Kaspersky Labs has not registered actual contaminations
from "Smokedown", regardless we recommend users proceed with 
extreme care if they receive an email containing the contents described 

The cure for "Smokedown" was included in the Kaspersky Anti-Virus
database nearly a month ago.
From; Kaspersky Lab news 
If you would like to subscribe to other Kaspersky Lab news blocks or 
to unsubscribe from this news block, you can do so by visiting
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
See my Anti-Virus pages ~ http://virusinfo.hackfix.org 

To unsubscribe from our list send an email 
to hackfixnews-request@xxxxxxxxxxxxx?Subject=unsubscribe.

For a complete list of email commands for our list send 
an email to ecartis@xxxxxxxxxxxxx with a subject line of 
"info hackfixnews" without the quotes.

Other related posts:

  • » HackfixNews: Be ON Guard for a False Klez Fix