
Foo Forum

Klez Virus Resurfaces in SEO Community

 5:46 am on Sep 30, 2002 (gmt 0)

Well, I suppose it had to happen sooner or later. This weekend, I caught my first computer virus ever (Klez).

I was on a laptop that I'd just reinstalled winders on a few weeks ago. Ya, I threw Outlook Express on it in a default install of 98se. I've used Outlook Express probably 3-4 times my entire life. Sure enough, I do a quick email check while out in the field, and one of the first emails I get is the Klez virus.

I still don't think I clicked on the attachment but I later discovered the original email virus decoded in a temp directory as a pif file.

Of course I was back home and plugged into the local network 12 hours later before realizing my systems had been infected.

...and it had started out as such a nice Sunday...
73 instances of the virus across 4 desktops and one laptop.
It takes 12 hours and 15 mins to scan 400 gig.

Just wanted to let everyone know, that the virus came from someone who has quite a few seo emails in their address book. I've heard from several friends who got it mailed to them too.

Klez is an especially aggressive virus that attaches itself to every exe you run and rewrites itself to disk. It uses several stealth techniques to hide itself and rewrites itself to the auto start key every half second so that it always runs. It's nearly impossible to purge yourself by hand. It is non-fatal and just sits on disk until a preset time and date where it starts deleting files at random. There are several variations of it running around. In a networked system, it will reach out across shared drives and infect systems that way too. So it's part trojan/part worm, which makes purging it very cumbersome.

Just for reference - I've never owned a virus scanner and don't plan to now either. I simply need to follow my own advice and never use MS products for internet work.



 5:54 am on Sep 30, 2002 (gmt 0)

I've never run a virus scanner either... I only use IE to check sites on and other than that don't use MS prd's at all. So nice clean PC ;)



 5:54 am on Sep 30, 2002 (gmt 0)

Ouch Brett, I've noticed even with virus scanner software Outlook is one piece of software that is often fooled. Good thing you didn't have me in any address book :P

If it makes you feel better, I spent the better portion of the night packing wardriver t-shirts that I have 3 huge trash bags full of, which I will bring to the post office tomorrow :P

Even with antiviral software you can still get screwed. Sorry to hear about your event. I use pine to do all my email :P


 6:18 am on Sep 30, 2002 (gmt 0)

Just for reference - I've never owned a virus scanner and don't plan to now either. I simply need to follow my own advice and never use MS products for internet work.

I don't own one either, but I've been able to use OE for email in conjunction with MailWasher. It works, I've never had one, even though I get these Klez things from time to time.

MailWasher will let me examine them, and I turn off automatic email checking in OE. Works well, and I might add, should work fine for any email virus in the future.

2 problems with Anti-V software: it has to be updated ALL the time, and it spends a bunch of CPU cycles. If you've been on a PC with NAV, you'll know what the slowdown is.

My biggest problem with Klez is that I've received them, copied and pasted the headers in MailWasher, and then sent that text to abuse@whateverisp.com - Just look at the originating IP. And then most of the time the Return-Path field matches the originating IP. Plenty of cases that I've found where the ISP just ignores what I sent them - mostly an advisory message to let your customer know - But OTOH, about 50% seem to stop this stuff.

An aside here - I'm really liking Mozilla 1.1 (I've switched from Opera now to make that one the default browser), but I didn't download the email client. Anybody using the built in email client with that?
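The header check described in the post above (find the originating IP and compare it with Return-Path before writing to the ISP's abuse address), sketched as an added example that is not part of the original thread. The message, hostnames and documentation-range IPs are constructed, and the regex assumes Postfix-style `Received:` lines; only the line written by your own mail server (`trusted_mx`, a hypothetical name) is treated as reliable, since lines below it are supplied by the sender.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: hypothetical hosts, documentation-range addresses.
SAMPLE = """\
Return-Path: <user@example.net>
Received: from dialup-17.example.net (dialup-17.example.net [203.0.113.17])
\tby mx.myisp.example with SMTP id abc123; Mon, 30 Sep 2002 05:40:11 +0000
Received: from mail.forged.example ([198.51.100.9])
\tby dialup-17.example.net; Mon, 30 Sep 2002 05:39:58 +0000
From: someone.else@seo.example
To: me@myisp.example
Subject: constructed sample

body
"""

# "(rdns [ip]) ... by host": the peer as logged by the receiving server.
RECEIVED_RE = re.compile(
    r"\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>[^\s;]+)", re.S)

def abuse_report_fields(raw_message, trusted_mx):
    """Return the peer our own MX recorded, or None if it never logged one."""
    msg = email.message_from_string(raw_message)
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    rp_domain = return_path.rpartition("@")[2].lower()
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        # Skip hops not written by our server: the sender controls those.
        if not m or m.group("by").lower() != trusted_mx.lower():
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address literal, keep looking
        rdns = m.group("rdns").lower()
        matches = bool(rp_domain) and (
            rdns == rp_domain or rdns.endswith("." + rp_domain))
        return {"ip": str(ip), "rdns": rdns, "return_path": return_path,
                "return_path_matches": matches,
                "from_header": msg.get("From", "")}  # display only
    return None
```
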


 5:29 pm on Sep 30, 2002 (gmt 0)

Eudora/Mac. I get virus attachments constantly... :) ...and they go straight to the round file without any harm done. That said, I do have NAV installed... set to scan disks and downloads.

I've been using a virus scanner ever since dealing with the only virus I ever caught... from downloading files in an... *ahem* ...unsavory neighborhood. (In other words: I was asking for it.)

However NAV cleaned it up, and I've had no problems since.

I simply need to follow my own advice and never use MS products for internet work.
Or get a Mac. ;)


 12:59 am on Oct 1, 2002 (gmt 0)

Well, I've just had to bury my hard drive. (Hat off, moment of silence.) The nice tech support guy said that the most common cause of complete drive-death was viruses. Luckily the drive was under warranty...but not the data, of course.

I had NAV with live update and ran virus checks daily. But who knows? I'll try Eudora this time. Pegasus was good but couldn't do all I needed and developed bugs, so I went back to Outlook.

Or maybe it got too hot, or got jostled too much during transport. (Sniffle)

I'll just crawl away now and be pitiful...


 1:04 am on Oct 1, 2002 (gmt 0)

Using Eudora with NAV I get 2 or 3 Klez's and other nasties a day. They have never got past the virus checker though :)

(Desperately looking for wood to touch)

In a superstitious way, not... well... er...


 3:03 am on Oct 1, 2002 (gmt 0)

I have been getting hammered for months. Eudora/NAV has foiled them all so far.

Plus Opera for browser.

This is one of the reasons I just switched to a Mac but I still had NAV installed first thing. The new critical security updates rolling out of M$ every two weeks for months now also helped that decision. I just don't think M$ can plug all the gaps.

There is some nasty stuff coming along soon I think.


 3:22 am on Oct 1, 2002 (gmt 0)

Just for reference - I've never owned a virus scanner and don't plan to now either. I simply need to follow my own advice and never use MS products for internet work.

Um, guys, get real. Sorry for being so blunt, but it's getting nasty out there in the world of viruses. It's a complete myth that the only way to get a virus is through Outlook or Microsoft products. Yes, that's the current fad, but the first viruses were on Unix and VMS, the first really big worm was in 1988 way before Windows was popular, and there are virus scanners on the Mac for a reason.

Five years ago a Mac virus ripped through my office. How was it passed? Floppy disks.

In the company that I work for, I manage almost a thousand servers and workstations. Every single one of these systems has a virus scanner. Our stores (about 200 of them) have McAfee on their systems, and the office systems have Norton. Our SMTP email gateways have yet a third scanner system, and our internal servers also virus scan. In addition, we've got everything up to patch and have Outlook set to maximum protection.

We have Macs and these are protected with their own virus scanners. And yes, they do occasionally trap viruses.

Our SMTP gateway virus scanners block as many as a thousand email viruses a day. A few get through to the Exchange servers, which block about a dozen a day. Once in a while, one gets through to the desktop (one a week or so).

Why all this paranoia? We had one breach a few years ago, "I Love You", which cost a hundred man hours to eradicate. At that time, I decided "never again". Since I'm in charge and had the authority, I made it so.

As I said, at the moment Windows is the current popular target (primarily due to some really idiotic design decisions made by Microsoft on some of their products), but as Linux and other operating systems become more popular they will become bigger and bigger targets. As will other applications.

In my humble opinion, based upon 25 years of experience in the computer field, not owning and maintaining a virus scanner is living on borrowed time.

Richard Lowe


 3:34 am on Oct 1, 2002 (gmt 0)

"In my humble opinion, based upon 25 years of experience in the computer field, not owning and maintaining a virus scanner is living on borrowed time."

Good one. I say it's like living in the downtown section of a major US city without having a lock on your door.


 3:35 am on Oct 1, 2002 (gmt 0)

*bows down before richlowe* Took the words right out of my mouth.

There's a reason little boys throw rocks at glass panes - it's a lot more exciting than throwing a rock at a grain of sand.. not to mention easier to hit.

If Eudora or Pegasus had market dominance, bet your bum they'd be writing viruses for them.

If it comes to "some people"'s attention that there's a large professional sector out there who through arrogance, naivety or whatever feel they are immune, guess who "some people" will be targeting next.

I use Outlook. I use Outlook Express. I use Eudora and I use Pegasus. All on the same machine. Firewalled and anti-virused up the wazoo. Not because I don't trust one or the other, but because I don't trust anyone on the other end of my email.

"It's not paranoia if they really are out to get you".


 4:23 am on Oct 1, 2002 (gmt 0)

MS will always be the major target for two reasons: sheer numbers, and sloppy proprietary code.


 4:32 am on Oct 1, 2002 (gmt 0)

sloppy proprietary code

Proprietary has nothing to do with anything. And it's not so much the code that's bad. It's very poor decisions in regards to the design of their products. Silly decisions such as including a scripting engine in the email program which can be executed from an email...

Contrary to the current mythology, there is no inherent advantage to open source. The important factors are the depth and thoroughness of the design of the product, the skill of the coders, the level of project management, and, most importantly, how well the goals are chosen for the product.

I've seen some pretty terrible open source code, and I've used some excellent proprietary code.

Richard Lowe


 5:30 am on Oct 1, 2002 (gmt 0)

It depends on your environment whether you need an antivirus program running all the time. First rule of email: never open attachments from anyone you don't know. Second rule of email: never open attachments from people you do know. Third rule of email: disable all the "features" you can in your email program: HTML email, JavaScript, ActiveX, etc. That will protect you from 99.99% of email viruses out there. Fourth rule of email: be paranoid.

The only virus I ever got hit with in my entire life (and I've been around computers a long time) was when I did something stupid. I violated the second rule of email. Fortunately it was a harmless one.

First rule of Fight Club: you do not talk about Fight Club.


 5:32 am on Oct 1, 2002 (gmt 0)

It depends on your environment on whether you need an antivirus program running all the time

I disagree. If the computer is attached to the internet in any way (dialup, dsl, cable, even floppy drive) then it needs antivirus.

Sorry, don't understand the fight club reference.

Richard Lowe


 5:36 am on Oct 1, 2002 (gmt 0)

Fight Club [foxmovies.com]. Irrelevant comment.

No, you need a firewall. But antivirus running continuously is not necessary if you practice safe sex in some environments.


 5:49 am on Oct 1, 2002 (gmt 0)

I still get Klez from time to time. I use this tool to remove it:


Added: just checked, and my fixklez.com, which I have had for some months now, has version 1.0.2

The one on the link has 1.0.11

So which one is newer? My version deleted 4 or 5 variants of the virus and is longer in size, but this new one only 2 viruses and is shorter... strange...

So is 2 more than 11, or is 11 like 1.1?



 7:38 am on Oct 1, 2002 (gmt 0)

Just downloaded the latest Norton AntiVirus 2002 virus definitions update and found 8 more Klez viruses on my computer! Doh! Fortunately I don't see any damage done.


 7:51 am on Oct 1, 2002 (gmt 0)

Our SMTP server checks all incoming/outgoing emails with McAfee (updated hourly), and all our workstations and laptops are protected with NAV, updated every 3rd day.

Today I got 45 virus warnings emailed to me from the SMTP server....

I've been virus free for over a year. They did get a backdoor program through, but ZoneAlarm picked that up.

I have found the bigger and better you do in the search engines the more you attract the wrong kind of surfer.


WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved