Klez virus

Discussion in 'Software' started by duluthboats, May 20, 2002.

  1. duluthboats
    Joined: Mar 2002
    Posts: 1,604
    Likes: 57, Points: 58, Legacy Rep: 779
    Location: Minneapolis,MN, USA

    duluthboats Senior Dreamer

    :mad:
    Just a word of warning about a virus that has been showing up in my e-mail. It was once a week, now I’m getting 3-4 a day. I have good security and so far have not been infected. Here is a discussion of the Klez virus on a different forum that explains it better than I can. I guess this is life on the internet.

    http://media5.hypernet.com/ubb/ultimatebb.php?ubb=get_topic;f=5;t=004715


    Be careful out there.
    Gary
     
  2. Jeff
    Joined: Jun 2001
    Posts: 1,368
    Likes: 71, Points: 58, Legacy Rep: 923
    Location: Great Lakes

    Jeff Moderator

    Yes, I too have noticed that the number of viruses received each day via email is 10x more now than last year at this time :(

    The practice of not opening any attachment that you do not recognize and keeping IE and OE up to date with the latest patches from Microsoft will keep you reasonably safe. http://microsoft.com/windows/ie/downloads/critical/default.asp or http://microsoft.com/ie It's a good idea to also keep Windows up to date with the latest service pack from Microsoft while you're at it. Finally you should go under the Tools -> Internet Options in IE and under the Security Tab disable things like Untrusted/unsigned Active X components that you don't really need. If you find that sites which used to load are no longer loading correctly, you might have to re-enable a few of these if you set the options 'too secure'.

    If you have an always-on connection, a firewall such Zone Alarm from Zone Labs is a must http://www.zonealarm.com There is also a free version available if you want to give it a try.

    Anti-Virus software like McAffee http://www.mcaffee.com or Norton http://www.symantec.com are also probably worth a few dollars in today's climate, especially if more than one person uses your computer (who might open a virus without thinking, for example kids or less-net savy friends/family memers). Of course keeping these up to date is essential, and still you should use caution.

    Also watch out for freeware / shareware programs which install spy-ware or programs like gator which hijack your browser.

    Based on the number of viruses I was receiving (about 25+ per day last week) I took the additional step of setting my mail server to delete any executable binary attachment (.pif, .scr, .bat, etc.) using procmail and “the E-mail Sanitizer” from http://www.impsec.org/email-tools/procmail-security.html and this has really helped. Just the time to check my email each day with all those binary attachments was getting to be too much.

    Here’s a quick how-to for anyone running their own Linux/unix web/mail server:

    Installing the Email Sanitizer for Procmail on your Linux Web/Mail Server

    su -
    cd /home/specific-account/etc
    mkdir procmail
    chmod 755 procmail
    cd procmail
    wget http://www.impsec.org/email-tools/html-trap.procmail.nomacroscan.gz
    gzip -d html-trap.procmail.nomacroscan.gz
    wget http://www.impsec.org/email-tools/poisoned-files
    cp poisoned-files stripped-files

    open stripped-files in your favorite text editor and delete the lines with extensions you don't want to have deleted.

    cd ../
    vi procmailrc
    [insert]
    PATH="/usr/bin:$PATH:/usr/local/bin"
    SHELL=/bin/sh

    STRIPPED_EXECUTABLES=/etc/procmail/stripped-files
    STRIPPED_WARNING="
    SECURITY ALERT!

    A virus attachment was stripped from this message and discarded.
    "

    # Strip MS-TNEF attachments completely
    SECURITY_STRIP_MSTNEF=yes

    DEFANG_WEBBUGS=yes
    SECRET="gfhjtki56jfh"

    DROPPRIVS=YES
    LOGFILE=$HOME/procmail.log

    # Finished setting up, now run the sanitizer...
    INCLUDERC=/etc/procmail/html-trap.procmail.nomacroscan
    [esc]:x[return]

    You might also be able to request your ISP install simple similar server-side filters like this, though many ISP’s are hesitant since they feel if they start filtering any viruses they could then be liable if one slips through.
     
Loading...
Similar Threads
  1. GTO
    Replies:
    2
    Views:
    1,842
Forum posts represent the experience, opinion, and view of individual users. Boat Design Net does not necessarily endorse nor share the view of each individual post.
When making potentially dangerous or financial decisions, always employ and consult appropriate professionals. Your circumstances or experience may be different.