Computing News
MAY 2002

Monthly Virus Alert: Klez Worm and Related Hoaxes Flourishing, Leading to Self-Inflicted System Problems
 
Last month hundreds of viruses and worms attempted to make their way into LBNL, but were stopped and deleted by the LBNL VirusWall. By far the most prevalent was the destructive Klez worm (variants E, G, and H), followed by the now very familiar Sircam, then PE-Magristr.B, then the Nimda worm/virus. Klez infects Windows systems, then goes through the address book and files stored on the machine and sends infected messages to others, using addresses it finds there as the sender. Users may thus receive notification that a virus was removed from a message they sent when their system was not infected -- very confusing, to say the least (see http://www.lbl.gov/ITSD/Security/vulnerabilities/virus-archive.html#klez).

LBNL users actually inflicted more damage on their systems last month than viruses and worms did! Here is how they did it:

1. A hoax message apologizing for "infecting your system" is being sent around the Internet. It claims that your system's anti-virus software cannot find the virus, and you will have to delete jdbgmgr.exe (or, in another version of this hoax, sulfnbk.exe) to disinfect your system. jdbgmgr.exe and sulfnbk.exe are files that rightfully belong in your Windows system; whoever followed the message's instructions damaged their systems.

2. A hoax message with the subject "Klez.E immunity" is also being circulated. Whoever downloaded the so-called "immunity tool" that was attached infected their Windows systems with the deadly Klez.E worm.

3. A hoax message containing what it alleges is a new, wonderful screen saver called "height" (or some other name) is also being sent around the Internet. Anyone who downloaded the "screen saver" downloaded a malicious program that caused severe damage to Windows systems.

The moral of the story once again is: keep your system's anti-virus software up to date, do not open any attachments from someone you do not know, do not install "patches," "virus immunity tools," or "screensavers" that are being sent around the Internet, and do not follow instructions for eradicating viruses or worms that do not originate from the LBNL Computer Protection Program. If you are not sure what to do---STOP---and send email to cppm@lbl.gov!

Update in Virus Handling and Prevention Guidelines

Because of all the problems viruses and worms have caused recently, the virus handling and prevention guidelines have been updated with important new information. Check them out at http://www.lbl.gov/ITSD/Security/vulnerabilities/virus.html#handling.

