Email from bucksatan re: the Klez worm??

[fable]

I suggest we wait to hear from Buck on this subject before coming to any conclusions--but I can tell you that I've gotten a number of attached files through the board that supposedly originate with "bucksatan," "sleep," and "aegis," among others. My rule of thumb: if it's an attachment without comment, I delete it. If it's an attachment from someone I don't know, I delete it. If it's an attachment from someone I do know, but I haven't been expecting anything, I write 'em back and tell 'em what I've received, and ask if they sent it.

Any attachments from this forum, I delete. As no one has any reasons to send me any, it stands to reason that any attachments I receive are malicious.

Hope that helps.

[Mr Flibble]

Originally posted by fable
My rule of thumb: if it's an attachment without comment, I delete it. If it's an attachment from someone I don't know, I delete it. If it's an attachment from someone I do know, but I haven't been expecting anything, I write 'em back and tell 'em what I've received, and ask if they sent it.

This is the very best virus defence procedure there is!

Unfortunatly Klez is capable of automatically activating itself through the OE and Outlook preview pane. If the email contained a suspicious attachment I would advise checking your system a bit further to make sure it hasn't gotten through regardless of any precautions taken.

[Mr Sleep]

Originally posted by fable
I "bucksatan," "sleep," and "aegis," among others.

Is it Mr Sleep or just Sleep? That would make me slightly suspcious since i never have Sleep as an email alias.

[Demis]

Originally posted by Mr Sleep


Is it Mr Sleep or just Sleep? That would make me slightly suspcious since i never have Sleep as an email alias.

IIRC it's "mrsleep".

[fable]

Originally posted by Mr Flibble
Unfortunatly Klez is capable of automatically activating itself through the OE and Outlook preview pane. If the email contained a suspicious attachment I would advise checking your system a bit further to make sure it hasn't gotten through regardless of any precautions taken.

I've downloaded and used the Norton Klez removal program from Symantec's website--no Klez infection, thus far.

What's more annoying than the virus is the fact that Microsoft knew, according to leaked memos, that OE was susceptible to Klez-like self-replicating email viruses, and chose not to release either that information or any bugfixes--until the leak itself hit the news. It is not a company which feels much interest in its userbase, aside from their wallets.

[Mr Sleep]

Originally posted by Demis
IIRC it's "mrsleep".

That's what i thought, Fable and Aegis said Sleep and i wasn't aware of that one.

@Fable, there have been more than Klez that used the preview pane to auto-open, in fact most viruses released have that feature, Klez has been a lot more wide spread so it has garnered a greater amount of gossip. On reading your statement i think you are saying this was pre-OE 98? Have you got any links to articles? In fact i can recall the multipule mailing viruses over 3 years ago, I wonder at what point MS did actually notice.

Personally i think one of the major causes of virus' transmission is the Preview Pane mixed in with office workers who are not correctly informed of the virus threat, you would be amazed how many people don't have a clue. I am not blaming the individuals, i blame the companies as a whole, they should be aware of the threats to their business.

[The Z]

Whover tries to set up our mods like this should be smited with a million Magic Missiles or be locked in a chamber that's got continuous Abi-Dhalzim's Horrid Wilting being cast in it. Thanks for the warning guys...But I doubt whoever holds a grudge against Buck would know me anyhow.

My rule of thumb: if it's an attachment without comment, I delete it. If it's an attachment from someone I don't know, I delete it. If it's an attachment from someone I do know, but I haven't been expecting anything, I write 'em back and tell 'em what I've received, and ask if they sent it.

I'll adopt that procedure

[BuckGB]

Originally posted by Mr Flibble
The Klez worm uses random names in the 'from' field when it attempts to send itself out. This is more likely to be coincidence that any affiliation with Buck or this site. I've seen this worm use some very strange names...

This is exactly the case. When someone is infected with the Klez virus, it will automatically mass email any and all email addresses that it finds in your browser's cache, with a random "From" and "Subject" field (which is also pulled from your cache). So, if anyone who frequents GameBanshee is infected, chances are they are sending out emails with names like bucksatan, fable, mrsleep, demis, aegis, or anyone else whose name appears on a lot of the pages they view. My alias is probably a very common one for GB visitors to be sending out, since it appears on all news pages and is listed on every single forum page, due to the fact that I'm a moderator on all forums.

Unfortunately, there's absolutely nothing we can do to stop it. The only thing we can do is recommend that all of you scan your computer daily with the latest virus definitions. Or, if you want to check for Klez specifically, download Symantec's free removal tool (which you can find here).

Oh, and it's good to be back! =) I'll start typing my E3 report shortly, so expect to see it sometime in the next day or two.

[KidD01]

YAY ! Buck is back !

Buck, I can't wait to read your E3 report

[Ode to a Grasshopper]

And to see the pictures of the booth babes!

[Morlock]

I at one point got emails with klez at huge volumes- about 35 a day, it's slowed down, but every once in a while ianother one comes, so I'll try the link. Thanx Buck!

BTW I can confirm that it picks random name-emails that said they were from my dad had the virus.