[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fw: Virus Warning from MailScan to Mail-Recipient!



This is likely not from a Boston-Radio-Interest recipient.

This looks like the W32/KLEZ-G worm (also known as I-Worm.Klez.h). One of
its tendencies is to set a fake From: address to one found on the hard
drive of the infected machine. Without the original infected e-mail, we 
won't know from where it comes.

I use PINE on my UNIX box here to read BRI messages - this list has NOT 
forwarded any viruses, nor have I seen any attempts, which further makes 
me believe there is not an infected user on this list.

Nonetheless, make sure you're up-to-date on your virus definitions - if 
you don't have any virus-scanning software, get some. It's inexpensive 
insurance, and it WILL save you, as viruses are becoming more prevalent 
every day.

OBRadioContent:
Any word on the future of 1550 (WURP - Braddock)? Inner City Broadcasting 
took it off the air a few months ago (end of December 2001, IIRC) and not 
much has been heard about it since. Anybody have any ideas on its 
disposition?

-Peter Murray (N3IXY)
Pittsburgh, PA

On Wed, 24 Apr 2002, Ira Apple wrote:

> Please let us know when this has been totally cleaned. I would not click on
> any Boston Radio email at this time. From what I have read the KLEZ worm
> does not even need to be opened to cause a problem.
> 
> Thanks,
> 
> Ira Apple
> 
> ----- Original Message -----
> From: <Admin@globetrucking.com>
> To: <boston-radio-interest@khavrinen.lcs.mit.edu>
> Sent: Wednesday, April 24, 2002 6:13 AM
> Subject: Virus Warning from MailScan to Mail-Recipient!
> 
> 
> > The attachment(s) that came with the following mail
> > received by you had Viruses in it.
> >
> > =============================================================
> > The Mail came from    : info@ideas-gulf.com
> > The Mail recipient    : boston-radio-interest@radio.lcs.mit.edu
> > Subject of the Mail   : Copyright contents.
> > Message-ID            :
> >
> > Attachment-Name         Virus-Name              Action-Taken
> > ------------------------------------------------------------
> > 24086300.HTM            "Exploit.IFrame.FileDownload" Deleted
> > color.exe               "I-Worm.Klez.h"         Deleted
> > =============================================================
> >
> > Use  MailScan on your  EMail  Servers  and  eScan on your
> > Windows-based PCs and Servers for maximum protection from
> > Internet-borne viruses.
> 
>