 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Because Klez tries to infect target machines by using the IE 5x malformed
MIME bug, it's attachments don't show up in my version of Netscape.
Paradoxically, this malformed header ALSO prevents Norton AV from
recognizing that the file contains the virus!
I had to change the content-type in the email before Norton tripped, which
I consider a lapse in Norton's detection mechanism.
Bill
-----Original Message-----
From: Derek Atkins [SMTP:warlord at MIT.EDU]
Sent: Thursday, May 23, 2002 4:35 PM
To: John Abreau
Cc: discuss at blu.org
Subject: Re: BLU server and spam
Klez usually sends mail in html with a real file and then the virus
attached. Generally it appears to be 1500+ lines of mail. I was up
to about 50 Klez messages a day! Once a Klez-filter was put in place,
I'm down to about 15 spam messages per day. Not too bad, IMHO.
-derek
John Abreau <jabr at blu.org> writes:
> Derek Atkins <warlord at MIT.EDU> writes:
>
> > Klez? The email virus that's been going around?
>
> I just looked it up on google. Yet another Windows virus, I see. I did
> notice a few messages that began with "TVqQAAMAAAAEAAAA"; is that Klez?
> However, most of the messages I referred to as spam were html payloads
> with subject lines about hot asian babes or penis enlargers or saving
> money on mortgages. I have exmh configured to defer rendering html, and
> I usually just delete them.
>
>
> --
> John Abreau / Executive Director, Boston Linux & Unix
> ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
> Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
> PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
>
> "The early bird catches the worm, but the second mouse gets the cheese."
>
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
_______________________________________________
Discuss mailing list
Discuss at blu.org
http://www.blu.org/mailman/listinfo/discuss
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
