Klez virus

[duluthboats]

Just a word of warning about a virus that has been showing up in my e-mail. It was once a week, now I’m getting 3-4 a day. I have good security and so far have not been infected. Here is a discussion of the Klez virus on a different forum that explains it better than I can. I guess this is life on the internet.

http://media5.hypernet.com/ubb/ultim...c;f=5;t=004715


Be careful out there.
Gary

[Jeff]

Yes, I too have noticed that the number of viruses received each day via email is 10x more now than last year at this time

The practice of not opening any attachment that you do not recognize and keeping IE and OE up to date with the latest patches from Microsoft will keep you reasonably safe. http://microsoft.com/windows/ie/down...al/default.asp or http://microsoft.com/ie It's a good idea to also keep Windows up to date with the latest service pack from Microsoft while you're at it. Finally you should go under the Tools -> Internet Options in IE and under the Security Tab disable things like Untrusted/unsigned Active X components that you don't really need. If you find that sites which used to load are no longer loading correctly, you might have to re-enable a few of these if you set the options 'too secure'.

If you have an always-on connection, a firewall such Zone Alarm from Zone Labs is a must http://www.zonealarm.com There is also a free version available if you want to give it a try.

Anti-Virus software like McAffee http://www.mcaffee.com or Norton http://www.symantec.com are also probably worth a few dollars in today's climate, especially if more than one person uses your computer (who might open a virus without thinking, for example kids or less-net savy friends/family memers). Of course keeping these up to date is essential, and still you should use caution.

Also watch out for freeware / shareware programs which install spy-ware or programs like gator which hijack your browser.

Based on the number of viruses I was receiving (about 25+ per day last week) I took the additional step of setting my mail server to delete any executable binary attachment (.pif, .scr, .bat, etc.) using procmail and “the E-mail Sanitizer” from http://www.impsec.org/email-tools/pr...-security.html and this has really helped. Just the time to check my email each day with all those binary attachments was getting to be too much.

Here’s a quick how-to for anyone running their own Linux/unix web/mail server:

Installing the Email Sanitizer for Procmail on your Linux Web/Mail Server

su -
cd /home/specific-account/etc
mkdir procmail
chmod 755 procmail
cd procmail
wget http://www.impsec.org/email-tools/ht...nomacroscan.gz
gzip -d html-trap.procmail.nomacroscan.gz
wget http://www.impsec.org/email-tools/poisoned-files
cp poisoned-files stripped-files

open stripped-files in your favorite text editor and delete the lines with extensions you don't want to have deleted.

cd ../
vi procmailrc
[insert]
PATH="/usr/bin:$PATH:/usr/local/bin"
SHELL=/bin/sh

STRIPPED_EXECUTABLES=/etc/procmail/stripped-files
STRIPPED_WARNING="
SECURITY ALERT!

A virus attachment was stripped from this message and discarded.
"

# Strip MS-TNEF attachments completely
SECURITY_STRIP_MSTNEF=yes

DEFANG_WEBBUGS=yes
SECRET="gfhjtki56jfh"

DROPPRIVS=YES
LOGFILE=$HOME/procmail.log

# Finished setting up, now run the sanitizer...
INCLUDERC=/etc/procmail/html-trap.procmail.nomacroscan
[esc]:x[return]

You might also be able to request your ISP install simple similar server-side filters like this, though many ISP’s are hesitant since they feel if they start filtering any viruses they could then be liable if one slips through.