Re: CRIME Korean spam & Klez

From: brvarin@private
Date: Tue May 21 2002 - 20:47:40 PDT

    If they are using Symantec's FixKlez, make sure they are booting up in Safe
    Mode. Most people I've run across that run the FixKlez tool do it in normal
    mode and then can't understand why it leaves 4 or 5 files. After I told
    them to go back and run it in Safe Mode, it cleaned all files.
    
    To effectively deal with Klez, each business should make sure that if they
    are using Outlook, it's fully patched. That is the main reason Klez is
    spreading. You think businesses would learn after getting crunched every
    year for not patching Outlook.
    
    Businesses should seriously consider buying an E-Mail gateway like
    MailSweeper or TrendMicro Virus Wall. There is no better place to kill this
    than as it enters the network. If you don't have web content filtering,
    seriously consider blocking webmail services like Hotmail. A lot of these
    come in when a user downloads a file from Hotmail, Yahoo, AOL, etc.
    
    From: "Heidi Henry" <mcps@private>@/var/spool/majordomo/lists/crime on
          05/21/2002 05:48 PM
    
    Sent by:  owner-crime@/var/spool/majordomo/lists/crime
    
    
    
    To:   "Crime" <crime@private>
    cc:
    bcc:
    
    
    Subject:  CRIME Korean spam & Klez
    
    
    
    I know of several people who have been having a big problem with receiving
    Korean Spam e-mails.  One in particular receives eight plus Korean spam
    mails per day.  This has greatly disrupted their business.  The information
    has been sent to the Korean War Project, see link below. If you are having
    any trouble with the Korean spam the links below will provide you with more
    information.
    
    www.koreanwar.org/html/korean_spam.html
    www.koreaherald.co.kr/servlet/kherald.article.view?id=200204250059&tpl=print
    
    Some of these people have also been infected with the Klez as well as other
    people they communicate with, so it has infected a number of personal and
    business computers, some are on networks, some are not.  They have gone to
    the Symantec site and used their tool to remove the virus but it keeps
    re-appearing.  The virus provider sites are so busy they are not able to
    respond to their requests for help.
    
    As this is greatly disrupting businesses, both by the Korean spam e-mails
    and the Klez virus, what is the best method for removing the virus,
    formatting their hard drives on the personal PCs?  What about on the
    network drives?  Klez has disabled their virus programs a number of
    times. Their businesses are suffering loss due to this latest situation
    with both the Korean Spam and the Klez virus.  Any suggestions you may have
    that I can pass onto these businesses would be greatly appreciated. Thank
    you, Heidi
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:19 PDT