
RE: [802SEC] Virus alert




Yes, I got six different variants each with a different source address
that were stripped by our Boeing virus scanners. They all appear to be
derivatives of the W32.Klez.H@mm virus which is making the rounds right
now. Make sure your Anti-Virus defs are up to date because this one is new
since April 17, 2002. It has random subjects and random attachment names so
it can be tricky to spot and is tough to remove if you get hit. For more
info, check out:

http://securityresponse.symantec.com/avcenter/venc/data/pf/w32.klez.h@mm.html


Thanx,  Buzz
Dr. Everett O. (Buzz) Rigsbee
Boeing SSG
PO Box 3707, M/S: 7M-FM
Seattle, WA  98124-2207
Ph:  (425) 865-2443
Fx:  (425) 865-6721
Email:  everett.o.rigsbee@boeing.com

-----Original Message-----
From: pat_thaler@agilent.com [mailto:pat_thaler@agilent.com]
Sent: Friday, April 19, 2002 1:46 PM
To: stds-802-sec@ieee.org
Subject: [802SEC] Virus alert


Someone is apparently sending out viruses to people they pick off reflectors
with fake sender addresses so they look like they came from someone on the
reflector.

A member of the Exec has received one that had my name in the from field but
looking at the header it appears to actually have originated from Eexegxp
(niovi.eng.auth.gr [155.207.18.74]). Some of the IETF reflectors have been
experiencing the same kind of attack.

Take care,
Pat