If they are using Symantec's FixKlez, make sure they are booting up in Safe
Mode. Most people I've run across that run the FixKlez tool do it in normal
mode and then can't understand why it leaves 4 or 5 files. After I told
them to go back and run it in Safe Mode, it cleaned all files.
To effectively deal with Klez, each business should make sure that if they
are using Outlook, it's fully patched. That is the main reason Klez is
spreading. You think businesses would learn after getting crunched every
year for not patching Outlook.
Businesses should seriously consider buying a E-Mail gateway like
MailSweeper or TrendMicro Virus Wall. There is no better place to kill this
than as it enters the network. If you don't have web content filtering,
seriously consider blocking webmail services like Hotmail. A lot of these
come in when a user downloads a file from Hotmail, Yahoo, AOL, etc.
From: "Heidi Henry" <mcps@private>@/var/spool/majordomo/lists/crime on
05/21/2002 05:48 PM
Sent by: owner-crime@/var/spool/majordomo/lists/crime
To: "Crime" <crime@private>
cc:
bcc:
Subject: CRIME Korean spam & Klez
I know of several people who have been having a big problem with receiving
Korean Spam e-mails. One in particular, receives eight plus Korean spam
mails per day. This has greatly disrupted their business. The information
has been sent to the Korean War Project, see link below. If you are having
any trouble with the Korean spam the links below will provide you with more
information.
www.koreanwar.org/html/korean_spam.html
www.koreaherald.co.kr/servlet/kherald.article.view?id=200204250059&tpl=print
Some of these people have also been infected with the Klez as well as other
people they communicate with, so it has infected a number of personal and
business computers, some are on networks, some are not. They have gone to
the Symantec site and used their tool to remove the virus but it keeps
re-appearing. The virus provider sites are so busy they are not able to
respond to their requests for help.
As this is greatly disrupting businesses, both by the Korean spam e-mails
and the Klez virus, what is the best method for removing the virus,
formatting their hard drives on the personal PCs? What about on the
network drives? Klez has disabled their virus programs a number of
times. Their businesses are suffering loss due to this latest situation
with both the Korean Spam and the Klez virus. Any suggestions you may have
that I can pass onto these businesses would be greatly appreciated. Thank
you, Heidi
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:19 PDT