[NIFL-WORKPLACE:523] virus...

From: Barb Van Horn (blv1@psu.edu)
Date: Fri Apr 26 2002 - 14:43:10 EDT 

Return-Path: <nifl-workplace@literacy.nifl.gov>
Received: from literacy (localhost [127.0.0.1]) by literacy.nifl.gov (8.10.2/8.10.2) with SMTP id g3QIhAu23172; Fri, 26 Apr 2002 14:43:10 -0400 (EDT)
Date: Fri, 26 Apr 2002 14:43:10 -0400 (EDT)
Message-Id: <p05001909b8ef4eafc60f@[146.186.96.31]>
Errors-To: listowner@literacy.nifl.gov
Reply-To: nifl-workplace@literacy.nifl.gov
Originator: nifl-workplace@literacy.nifl.gov
Sender: nifl-workplace@literacy.nifl.gov
Precedence: bulk
From: Barb Van Horn <blv1@psu.edu>
To: Multiple recipients of list <nifl-workplace@literacy.nifl.gov>
Subject: [NIFL-WORKPLACE:523] virus...
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Status: RO
Content-Length: 1963
Lines: 50

You probably received a message from the NIFL-workplace list with the 
subject heading: Introduction on ADSL.

DO NOT OPEN any attachment you might have received with that message. 
It has a virus. Similar messages have been showing up on other NIFL 
lists and in personal email.

 From NIFL's technology person:

The virus warning is valid.  There are several versions of the KLEZ virus in
the wild.  Best bet it to be aware of what email attachments you open.  If
you don't know who the attachments are from and don't know what the
attachments are don't open them.
--
Lashley H. Mann II | Titan Systems | www.titansystemscorp.com/testeval
Email: lmann@titan.com | Voice: 301-925-3222 | Fax: 301-925-3216

-----Original Message-----
Subject: A virus warning for NIFL-Health

VIRUS WARNING

Formally known as W32/Klez.h@MM, the virus masquerades itself
as a free virus immunity tool.

W32/Klez.h@MM has the ability to infect computers using a known
MIME-header vulnerability in Microsoft Internet Explorer for Windows (IE
5.01 or 5.5 without Service Pack 2.)  Opening or even previewing the
message can cause infection.  It also can spoof the "From:" header in
messages, thereby making the recipient think that it is coming from a
valid source.  Lastly, it attempts to unload anti-virus processes on
computers with anti-virus software.

Once infected, the virus spreads by copying itself to network shares
(assuming appropriate permissions) and by E-mailing copies of itself to
addresses in the Windows Address Book.

Full details of the virus including removal instructions can be found
here:

             http://vil.mcafee.com/dispVirus.asp?virus_k=99455
<http://vil.mcafee.com/dispVirus.asp?virus_k=99455>


-- 
Barb Van Horn (M.Ed., Reading)
Co-Director, Institute for the Study of Adult Literacy
and Goodling Institute for Research in Family Literacy
College of Education, Penn State University
BLV1@PSU.EDU (e-mail)	814-865-5876 (phone)	814-863-6108 (fax)

This archive was generated by hypermail 2b30 : Fri Jan 17 2003 - 14:41:22 EST