Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE


  

   
Author Topic: Has anyone received this virus?
Michael Barry
Jedi Master Film Handler

Posts: 584
From: Sydney, NSW, Australia
Registered: Nov 1999


 - posted 04-30-2002 08:31 PM
Last night, I received a virus via email attachment. This has never happened to me before, so it's a bit of a novelty!

Fortunately, Norton Antivirus caught it so no harm was done.

It was the W32.Klez.gen@mm virus. It came attached to a file called border.pif

Has anyone else received this? Does anyone know what it does?


Mark Lensenmayer
Phenomenal Film Handler

Posts: 1605
From: Upper Arlington, OH
Registered: Sep 1999


 - posted 04-30-2002 09:00 PM
Here is just about everything you would want to know about this virus:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html



Jerry Chase
Phenomenal Film Handler

Posts: 1068
From: Margate, FL, USA
Registered: Nov 2000


 - posted 04-30-2002 09:03 PM
Yeah, I got a border.pif in some junk from ? China? Korea? somewhere over there. Agent doesn't open attachments, and I know the routine, so I just deleted it. As for what it does, most viruses make properly running computers run poorly. That means Windows computers should run better.



Scott Norwood
Film God

Posts: 8146
From: Boston, MA. USA (1774.21 miles northeast of Dallas)
Registered: Jun 99


 - posted 04-30-2002 09:39 PM
Yeah, this one is cute. It sets the From: header to look like someone randomly chosen from the infected computer user's address book (so it looks like it came from someone other than the person who actually propagated the worm) and contains both an executable attachment and a random file from the sender's computer.

It's only really an issue for Windows users who use unpatched versions of the MS Outlook mailer. Users of other mailers and/or platforms should be unaffected.

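The two traits described in the post above, a From: header that does not match the real sender and an executable attachment such as border.pif, can both be checked by a mail filter. This is an added example, not part of the thread: the sample message, its addresses and the extension list are constructed, and treating Return-Path as the envelope sender is an assumption about the receiving mail server (mailing lists also cause a mismatch, so it is a hint, not proof).

```python
import os
from email import message_from_string
from email.utils import parseaddr

# Extensions Windows runs on double-click; .pif is the one named in the thread.
RISKY_EXT = {".pif", ".scr", ".exe", ".bat", ".com", ".cmd", ".vbs", ".lnk"}

# Constructed sample: addresses and body are invented; only the
# attachment name border.pif comes from the thread.
SAMPLE = """\
Return-Path: <carol@cinema.example>
From: Alice <alice@friend.example>
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

see attached
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="border.pif"
Content-Transfer-Encoding: base64

TVo=
--XX--
"""

def triage(raw):
    """Return a list of (rule, detail) findings for one RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    # From: is written by whoever built the message; Return-Path is
    # assumed here to be stamped by the receiving server from the envelope.
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if header_from and envelope and header_from != envelope:
        findings.append(("from-mismatch", f"{header_from} != {envelope}"))
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        stem, ext = os.path.splitext(name.lower())
        if ext in RISKY_EXT:
            findings.append(("executable-attachment", name))
            if os.path.splitext(stem)[1]:  # e.g. photo.jpg.pif
                findings.append(("double-extension", name))
    return findings
```
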

Paul G. Thompson
The Weenie Man

Posts: 4718
From: Mount Vernon WA USA
Registered: Nov 2000


 - posted 04-30-2002 10:40 PM
It seems like Outlook Express is compromised faster than Microsoft can fix it.

Every virus on our computers at the radio station I work at came through Outlook Express.

I wish Microsoft would just dump that program and write one that works.



Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


 - posted 05-02-2002 07:12 AM
I think the reason that Outlook and OE are compromised so often is that, because Outlook is given away with Office and OE is given away with Windows, these are programs that the virus writers specifically target because they've got the highest user base. When anyone asks me for advice on virus prevention, one of my first suggestions is to ditch OE and use another client instead - Eudora, for example, has a 'disallow HTML executable content in messages' feature. So with HTML-encoded emails it'll still display graphics, formatting and stuff but will not execute any commands.

As for Klez, I had one every day for about a week from my local art cinema - its email listings computer got infected, and I gather that the network awareness of this virus (I believe the term 'blended threat' is not being used to describe a combination of a worm, virus and network-aware dropper) caused havoc throughout the building. As soon as they'd cleared it off one machine it was reinfected from another on the LAN.

It won't do anything to your computer if you don't run the attachment and either (i) are not on a local network, or (ii) you have a firewall installed and set up correctly.




All times are Central (GMT -6:00)  