Results 1 to 5 of 5
  1. #1
    3 Star Lounger baumgrenze's Avatar
    Join Date
    Feb 2001
    Location
    California, USA
    Posts
    262
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Klez Virus (NSC 4.08)

    In Woody's Office Watch Volume 7, Number 16:

    http://www.woodyswatch.com/office/ar...ate.asp?v7-n16

    I learned about the Klez virus. What I did not learn is if AV programs like Norton should detect e-mail containing the virus if one does not use IE/Outlook.

    Each time I've received a suspect e-mail, I've seen nothing when I previewed the message. When I've looked at my inbox as a text file in Word, each suspect message contained upwards of 30-40 pages of "code" that was otherwise unreadable. I have had no warnings from Norton AV. I keep my definitions up to date.

    Is it sufficient to trash the message and then empty the trash, or does the "Recycle Bin" end up preserving the code?

    I am finding it necessary to use IE 5.5 from time to time to access websites that are just trash when viewed with NSC 4.08. I've also begun falling for the "copy and paste" feature which gives some pretty complicated nested tables in Word, but which beats a bunch of hard returns and spaces hands down in some cases.

    Thanks in advance for any advice/comments.
    Baumgrenze
    Hier sind wir tief eingewurzelt.

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Klez Virus (NSC 4.08)

    I don't think deleted messages go into the Windows recycling bin; instead, I suspect the program marks the space they occupy in the mailbox file as available for overwriting. So deleting probably is good.

    Most antivirus software does not detect viruses in the mailbox; these programs usually "hook" the operating system function that creates new files. For this reason, it usually is when you attempt to open attachment, and Windows drops it to a temp file, that the AV is triggered. This could explain the lack of alarms.

    As for seeing mostly gibberish, most attachments are rendered that way during their passage through the Internet, and are converted back to binary by the client software.

    Now, the question is: do you dare open those messages? The Klez viruses exploit a flaw in older versions of IE: an .EXE attachment false identified as an audio file would be executed without any security precautions. Because Outlook and Outlook Express use IE to interpret HTML-format mail messages, those mail clients are vulnerable to Klez until IE is patched.

    I have no idea how Netscape Mail renders HTML. One would think NS would use its own rendering engine, and therefore the vulnerability is not applicable. But rather than take that chance, it makes sense to update IE to SR-2 and apply the recent omnibus security patch. With the update in place, opening a Klez message in Outlook or Outlook Express will not automatically run the attachment. Some folks still could be foolish enough to run an .EXE file, but not you, of course.

    Hope this helps.

  3. #3
    3 Star Lounger baumgrenze's Avatar
    Join Date
    Feb 2001
    Location
    California, USA
    Posts
    262
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Re: Klez Virus (NSC 4.08)

    How do I show embarrassment?

    I just went to my NAV 7.07 and did a bit of studying. I thought that "Real Time Scanning" covered me for incoming e-mail. Now I know better. Perhaps I will be warned next time someone sends another copy.

    I also tried to run a virus scan on my Recycle Bin, but I could not find it. Is it possible to do so?

    Thanks,

    Baumgrenze
    Baumgrenze
    Hier sind wir tief eingewurzelt.

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Klez Virus (NSC 4.08)

    No need to be embarrassed. It's certainly not obvious how these products work.

    We use Trend Micro's OfficeScan, and it does scan the Recycle bin on a routine scan of the C drive. However, I'm not sure how to do it with NAV. Norton might be skipping it on the theory that once it's in the garbage, why check. Perhaps there is an options dialog?

  5. #5
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Klez Virus (NSC 4.08)

    I use Nortons 2002, the in coming and out going email is scanned. This insures that I do not receive any virus and that I am not sending any. Also, when sending, a yellow pane pops up on top and lets you know that you ARE sending, with this if you did not send anything, you can see that you have problem.

    If I remember, these setting are ON by default.

    When I do a complete scan, the whole system (ALL FILES) are scanned.

    If one is using Nortons and have NOT upgraded to 2002, I would suggest that you do ASAP, it will be worth your time and money.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •