Date: Tue, 23 Apr 2002 02:49:08 +0900 From: autoapp <autoapp@nationalvisaservice.com> To: freebsd-security@FreeBSD.org Subject: Worm Klez.E immunity Message-ID: <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby>
next in thread | raw e-mail | index | archive | help
--J5Ub3kNH8iW9si6Oi8vEI809Vq9 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit ------------------ Virus Warning Message (on the network) Found virus WORM_KLEZ.G in file wsho3p66.bat The file is deleted. --------------------------------------------------------- --J5Ub3kNH8iW9si6Oi8vEI809Vq9 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable <HTML><HEAD></HEAD><BODY> <FONT>Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.<br> Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.<br> We developed this free immunity tool to defeat the malicious virus.<br> You only need to run this tool once,and then Klez will never come into your PC.<br> NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.<br> If so,Ignore the warning,and select 'continue'.<br> If you have any question,please <a href=3Dmailto:autoapp@nationalvisaservice.com>mail to me</a>.</FONT></BODY></HTML> --J5Ub3kNH8iW9si6Oi8vEI809Vq9 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit ------------------ Virus Warning Message (on the network) wsho3p66.bat is removed from here because it contains a virus. --------------------------------------------------------- --J5Ub3kNH8iW9si6Oi8vEI809Vq9 --J5Ub3kNH8iW9si6Oi8vEI809Vq9 Content-Type: application/octet-stream; name=wsho3p66.htm Content-Transfer-Encoding: base64 Content-ID: <T4w0Jy2P9kP47z> PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMiBGaW5hbC8vRU4i Pg0KPEhUTUw+DQo8SEVBRD4NCjxNRVRBIEhUVFAtRVFVSVY9IkNvbnRlbnQtVHlwZSIgQ29u dGVudD0idGV4dC1odG1sOyBjaGFyc2V0PVdpbmRvd3MtMTI1MiI+DQo8dGl0bGU+V3NoTmV0 d29yay5BZGRQcmludGVyQ29ubmVjdGlvbjwvdGl0bGU+DQo8c2NyaXB0IGxhbmd1YWdlPSJK YXZhU2NyaXB0Ij4NCg0KICAgIHN6TmF2VmVyc2lvbiA9IG5hdmlnYXRvci5hcHBWZXJzaW9u DQoNCiAgICBpZiAobmF2aWdhdG9yLmFwcE5hbWUgPT0gIk1pY3Jvc29mdCBJbnRlcm5ldCBF eHBsb3JlciIpIHsNCglpZiAoc3pOYXZWZXJzaW9uLmluZGV4T2YgKCI0LiIpID49IDApIHsN CgkgICAgZG9jdW1lbnQud3JpdGVsbignPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiB0eXBlPSJ0 ZXh0L2NzcyIgaHJlZj0iL2lpc2hlbHAvY29tbW9uL3NwaWRpZTQuY3NzIj4nKTsNCgl9IGVs c2Ugew0KCSAgICBkb2N1bWVudC53cml0ZWxuKCc8bGluayByZWw9InN0eWxlc2hlZXQiIHR5 cGU9InRleHQvY3NzIiBocmVmPSIvaWlzaGVscC9jb21tb24vc3BpZGllMy5jc3MiPicpOw0K CX0NCiAgICB9DQogICAgZWxzZSBpZiAobmF2aWdhdG9yLmFwcE5hbWUgPT0gIk5ldHNjYXBl Iikgew0KCWRvY3VtZW50LndyaXRlbG4oJzxsaW5rIHJlbD0ic3R5bGVzaGVldCIgdHlwZT0i dGV4dC9jc3MiIGhyZWY9Ii9paXNoZWxwL2NvbW1vbi9zcGlkaWU0LmNzcyI+Jyk7DQogICAg fQ0KICAgIGVsc2Ugew0KCWRvY3VtZW50LndyaXRlbG4oJzxsaW5rIHJlbD0ic3R5bGVzaGVl dCIgdHlwZT0idGV4dC9jc3MiIGhyZWY9Ii9paXNoZWxwL2NvbW1vbi9zcGlkaWUzLmNzcyI+ Jyk7DQogICAgfQ0KDQo8L3NjcmlwdD4NCjxNRVRBIE5BTUU9IkRFU0NSSVBUSU9OIiBDT05U RU5UPSJJbnRlcm5ldCBJbmZvcm1hdGlvbiBTZXJ2ZXIgcmVmZXJlbmNlIGluZm9ybWF0aW9u Ij48L0hFQUQ+DQo8Qk9EWSBCR0NPTE9SPSNGRkZGRkYgVEVYVD0jMDAwMDAwPg0KPGZvbnQg ZmFjZT0iVmVyZGFuYSwgQXJpYWwsIEhlbHZldGljYSI+DQo8aDM+PGEgbmFtZT0iX3dzaF93 c2huZXR3b3JrLmFkZHByaW50ZXJjb25uZWN0aW9uIj48L2E+V3NoTmV0d29yay5BZGRQcmlu dGVyQ29ubmVjdGlvbjwvaDM+DQo8cD4NClRoZSA8Yj5BZGRQcmludGVyQ29ubmVjdGlvbjwv Yj4gbWV0aG9kIG1hcHMgdGhlIHJlbW90ZSBwcmludGVyIHNwZWNpZmllZCBieSA8aT5zdHJS ZW1vdGVOYW1lPC9pPiB0byB0aGUgbG9jYWwgcmVzb3VyY2UgbmFtZSA8aT5zdHJMb2NhbE5h bWU8L2k+LiAgPC9wPg0KPGg0PlN5bnRheDwvaDQ+DQo8cHJlPjxpPldzaE5ldHdvcms8L2k+ PGI+LkFkZFByaW50ZXJDb25uZWN0aW9uPC9iPiA8aT5zdHJMb2NhbE5hbWU8L2k+LCA8aT5z dHJSZW1vdGVOYW1lPC9pPiwgWzxpPmJVcGRhdGVQcm9maWxlPC9pPl0sIFs8aT5zdHJVc2Vy PC9pPl0sIFs8aT5zdHJQYXNzd29yZDwvaT5dDQo8Yj4gPC9iPjwvcHJlPg0KPGg0PlBhcmFt ZXRlcnM8L2g0Pg0KPGRsPg0KPGR0Pg0KPGk+c3RyTG9jYWxOYW1lPC9pPjwvZHQ+DQo8ZGQ+ DQpMb2NhbCByZXNvdXJjZSB0byBtYXAgdG8uPGJyPg0KPC9kZD4NCjxkdD4NCjxpPnN0clJl bW90ZU5hbWU8L2k+IDwvZHQ+DQo8ZGQ+DQpSZW1vdGUgcHJpbnRlciB0byBtYXAuPGJyPg0K PC9kZD4NCjxkdD4NCjxpPmJVcGRhdGVQcm9maWxlPC9pPjwvZHQ+DQo8ZGQ+DQpJZiA8aT5i VXBkYXRlUHJvZmlsZTwvaT4gaXMgc3VwcGxpZWQgYW5kIGl0cyB2YWx1ZSBpcyBUUlVFLCB0 aGlzIG1hcHBpbmcgaXMgc3RvcmVkIGluIHRoZSB1c2VyIHByb2ZpbGUuPGJyPg0KPC9kZD4N CjxkdD4NCjxpPnN0clVzZXI8L2k+IDwvZHQ+DQo8ZGQ+DQpJZiB5b3UgYXJlIG1hcHBpbmcg YSByZW1vdGUgcHJpbnRlciB1c2luZyB0aGUgY3JlZGVudGlhbHMgb2Ygc29tZW9uZSBvdGhl ciB0aGFuIGN1cnJlbnQgdXNlciwgeW91IGNhbiBzcGVjaWZ5IDxpPnN0clVzZXI8L2k+IGFu ZCA8aT5zdHJQYXNzd29yZDwvaT4uPGJyPg0KPC9kZD4NCjxkdD4NCjxpPnN0clBhc3N3b3Jk PC9pPjwvZHQ+DQo8ZGQ+DQpJZiB5b3UgYXJlIG1hcHBpbmcgYSByZW1vdGUgcHJpbnRlciB1 c2luZyB0aGUgY3JlZGVudGlhbHMgb2Ygc29tZW9uZSBvdGhlciB0aGFuIGN1cnJlbnQgdXNl ciwgeW91IGNhbiBzcGVjaWZ5IDxpPnN0clVzZXI8L2k+IGFuZCA8aT5zdHJQYXNzd29yZDwv aT4uPC9kZD4NCjwvZGw+DQo8aDQ+RXhhbXBsZTwvaDQ+DQo8cHJlPlNldCBXc2hOZXR3b3Jr ID0gV3NjcmlwdC5DcmVhdGVPYmplY3QoJnF1b3Q7V3NjcmlwdC5OZXR3b3JrJnF1b3Q7KQ0K V3NoTmV0d29yay5BZGRQcmludGVyQ29ubmVjdGlvbiAmcXVvdDtMUFQxJnF1b3Q7LCAmcXVv dDtcXFNlcnZlclxQcmludDEmcXVvdDsNCjwvcHJlPg0KPGhyIGNsYXNzPSJpaXMiIHNpemU9 IjEiPg0KPHAgYWxpZ249ImNlbnRlciI+PGVtPjxhIGhyZWY9Ii9paXNoZWxwL2NvbW1vbi9j b2xlZ2FsLmh0bSI+JmNvcHk7IDE5OTcgYnkgTWljcm9zb2Z0IENvcnBvcmF0aW9uLiBBbGwg cmlnaHRzIHJlc2VydmVkLjwvYT48L2VtPjwvcD4NCjwvQk9EWT4NCjwvSFRNTD4NCj== --J5Ub3kNH8iW9si6Oi8vEI809Vq9-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020422174848.XUTU20864.virmta04.aics.ne.jp>