[ale] email virus? rehash.... with onions

[Jeff Hubbs]

Just so I understand the implications fully...

When Klez first spread in the wild, was it going undetected by the usual 
Windows anti-virus software, even if said software was using current 
updates of their signature files?

If so, then I find this VERY damning.

- Jeff

James P. Kinney III wrote:

> That brings up an interesting argument for the eradication of M$ on the
> corporate desktop. The viral spreading of confidential information could
> be viewed as a bigger security threat than just the headache and hassle
> of a network getting trashed by a bug going haywire.
> 
> On Tue, 2002-05-07 at 17:55, Irv Mullins wrote:
> 
>>On Tuesday 07 May 2002 05:29 pm, you wrote:
>>
>>>On Tue, 2002-05-07 at 17:07, Cade Thacker wrote:
>>>
>>>>I cleaned out my mail box the other day, so I don't have the discusion
>>>>that you all had the other day, but I just go a bounce back of an email I
>>>>did not send. Attached is a small file that "file" returns the following:
>>>>
>>>>border.bat: MS-DOS executable (EXE), OS/2 or MS Windows
>>>>
>>>>What was the summary of this puppy? something to do with W32/Klez?
>>>>
>>>http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.htm
>>>
>>Thanks for the confirmation.
>>It's interesting to take a look at the third (random, I guess) 
>>file that is attached to those worms. Using khexedit or similar,
>>I have found html, jpg's, and a "confidential" business report 
>>so far.
>>
>>We need smarter worms, which can look for pictures of "girlfriends"
>>to send out :p
>>
>>Regards,
>>Irv
>>
>>---
>>This message has been sent through the ALE general discussion list.
>>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
>>sent to listmaster at ale dot org.
>>




---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.