From owner-freebsd-security  Mon Apr 22 13:10:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from imlmta03.aics.ne.jp (imlmta03.aics.ne.jp [157.205.253.215])
	by hub.freebsd.org (Postfix) with ESMTP id 889B137B404
	for <freebsd-security@FreeBSD.org>; Mon, 22 Apr 2002 13:10:31 -0700 (PDT)
Received: from virmta04.aics.ne.jp ([157.205.253.131])
          by imlmta02.aics.ne.jp
          (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP
          id <20020422174908.SFNP7630.imlmta02.aics.ne.jp@virmta04.aics.ne.jp>
          for <freebsd-security@FreeBSD.org>;
          Tue, 23 Apr 2002 02:49:08 +0900
Received: from Wwby ([203.77.231.27]) by virmta04.aics.ne.jp
          (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with SMTP
          id <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby>
          for <freebsd-security@FreeBSD.org>;
          Tue, 23 Apr 2002 02:48:48 +0900
From: autoapp <autoapp@nationalvisaservice.com>
To: freebsd-security@FreeBSD.org
Subject: Worm Klez.E immunity
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary=J5Ub3kNH8iW9si6Oi8vEI809Vq9
Message-Id: <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby>
Date: Tue, 23 Apr 2002 02:49:08 +0900
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

--J5Ub3kNH8iW9si6Oi8vEI809Vq9
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

------------------  Virus Warning Message (on the network)

Found virus WORM_KLEZ.G in file wsho3p66.bat
The file is deleted.

---------------------------------------------------------

--J5Ub3kNH8iW9si6Oi8vEI809Vq9
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>

<FONT>Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.<br>
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.<br>
We developed this free immunity tool to defeat the malicious virus.<br>
You only need to run this tool once,and then Klez will never come into your PC.<br>
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.<br>
If so,Ignore the warning,and select 'continue'.<br>
If you have any question,please <a href=3Dmailto:autoapp@nationalvisaservice.com>mail to me</a>.</FONT></BODY></HTML>

--J5Ub3kNH8iW9si6Oi8vEI809Vq9
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit


------------------  Virus Warning Message (on the network)

wsho3p66.bat is removed from here because it contains a virus.

---------------------------------------------------------
--J5Ub3kNH8iW9si6Oi8vEI809Vq9
--J5Ub3kNH8iW9si6Oi8vEI809Vq9
Content-Type: application/octet-stream;
	name=wsho3p66.htm
Content-Transfer-Encoding: base64
Content-ID: <T4w0Jy2P9kP47z>

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMiBGaW5hbC8vRU4i
Pg0KPEhUTUw+DQo8SEVBRD4NCjxNRVRBIEhUVFAtRVFVSVY9IkNvbnRlbnQtVHlwZSIgQ29u
dGVudD0idGV4dC1odG1sOyBjaGFyc2V0PVdpbmRvd3MtMTI1MiI+DQo8dGl0bGU+V3NoTmV0
d29yay5BZGRQcmludGVyQ29ubmVjdGlvbjwvdGl0bGU+DQo8c2NyaXB0IGxhbmd1YWdlPSJK
YXZhU2NyaXB0Ij4NCg0KICAgIHN6TmF2VmVyc2lvbiA9IG5hdmlnYXRvci5hcHBWZXJzaW9u
DQoNCiAgICBpZiAobmF2aWdhdG9yLmFwcE5hbWUgPT0gIk1pY3Jvc29mdCBJbnRlcm5ldCBF
eHBsb3JlciIpIHsNCglpZiAoc3pOYXZWZXJzaW9uLmluZGV4T2YgKCI0LiIpID49IDApIHsN
CgkgICAgZG9jdW1lbnQud3JpdGVsbignPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiB0eXBlPSJ0
ZXh0L2NzcyIgaHJlZj0iL2lpc2hlbHAvY29tbW9uL3NwaWRpZTQuY3NzIj4nKTsNCgl9IGVs
c2Ugew0KCSAgICBkb2N1bWVudC53cml0ZWxuKCc8bGluayByZWw9InN0eWxlc2hlZXQiIHR5
cGU9InRleHQvY3NzIiBocmVmPSIvaWlzaGVscC9jb21tb24vc3BpZGllMy5jc3MiPicpOw0K
CX0NCiAgICB9DQogICAgZWxzZSBpZiAobmF2aWdhdG9yLmFwcE5hbWUgPT0gIk5ldHNjYXBl
Iikgew0KCWRvY3VtZW50LndyaXRlbG4oJzxsaW5rIHJlbD0ic3R5bGVzaGVldCIgdHlwZT0i
dGV4dC9jc3MiIGhyZWY9Ii9paXNoZWxwL2NvbW1vbi9zcGlkaWU0LmNzcyI+Jyk7DQogICAg
fQ0KICAgIGVsc2Ugew0KCWRvY3VtZW50LndyaXRlbG4oJzxsaW5rIHJlbD0ic3R5bGVzaGVl
dCIgdHlwZT0idGV4dC9jc3MiIGhyZWY9Ii9paXNoZWxwL2NvbW1vbi9zcGlkaWUzLmNzcyI+
Jyk7DQogICAgfQ0KDQo8L3NjcmlwdD4NCjxNRVRBIE5BTUU9IkRFU0NSSVBUSU9OIiBDT05U
RU5UPSJJbnRlcm5ldCBJbmZvcm1hdGlvbiBTZXJ2ZXIgcmVmZXJlbmNlIGluZm9ybWF0aW9u
Ij48L0hFQUQ+DQo8Qk9EWSBCR0NPTE9SPSNGRkZGRkYgVEVYVD0jMDAwMDAwPg0KPGZvbnQg
ZmFjZT0iVmVyZGFuYSwgQXJpYWwsIEhlbHZldGljYSI+DQo8aDM+PGEgbmFtZT0iX3dzaF93
c2huZXR3b3JrLmFkZHByaW50ZXJjb25uZWN0aW9uIj48L2E+V3NoTmV0d29yay5BZGRQcmlu
dGVyQ29ubmVjdGlvbjwvaDM+DQo8cD4NClRoZSA8Yj5BZGRQcmludGVyQ29ubmVjdGlvbjwv
Yj4gbWV0aG9kIG1hcHMgdGhlIHJlbW90ZSBwcmludGVyIHNwZWNpZmllZCBieSA8aT5zdHJS
ZW1vdGVOYW1lPC9pPiB0byB0aGUgbG9jYWwgcmVzb3VyY2UgbmFtZSA8aT5zdHJMb2NhbE5h
bWU8L2k+LiAgPC9wPg0KPGg0PlN5bnRheDwvaDQ+DQo8cHJlPjxpPldzaE5ldHdvcms8L2k+
PGI+LkFkZFByaW50ZXJDb25uZWN0aW9uPC9iPiA8aT5zdHJMb2NhbE5hbWU8L2k+LCA8aT5z
dHJSZW1vdGVOYW1lPC9pPiwgWzxpPmJVcGRhdGVQcm9maWxlPC9pPl0sIFs8aT5zdHJVc2Vy
PC9pPl0sIFs8aT5zdHJQYXNzd29yZDwvaT5dDQo8Yj4gPC9iPjwvcHJlPg0KPGg0PlBhcmFt
ZXRlcnM8L2g0Pg0KPGRsPg0KPGR0Pg0KPGk+c3RyTG9jYWxOYW1lPC9pPjwvZHQ+DQo8ZGQ+
DQpMb2NhbCByZXNvdXJjZSB0byBtYXAgdG8uPGJyPg0KPC9kZD4NCjxkdD4NCjxpPnN0clJl
bW90ZU5hbWU8L2k+IDwvZHQ+DQo8ZGQ+DQpSZW1vdGUgcHJpbnRlciB0byBtYXAuPGJyPg0K
PC9kZD4NCjxkdD4NCjxpPmJVcGRhdGVQcm9maWxlPC9pPjwvZHQ+DQo8ZGQ+DQpJZiA8aT5i
VXBkYXRlUHJvZmlsZTwvaT4gaXMgc3VwcGxpZWQgYW5kIGl0cyB2YWx1ZSBpcyBUUlVFLCB0
aGlzIG1hcHBpbmcgaXMgc3RvcmVkIGluIHRoZSB1c2VyIHByb2ZpbGUuPGJyPg0KPC9kZD4N
CjxkdD4NCjxpPnN0clVzZXI8L2k+IDwvZHQ+DQo8ZGQ+DQpJZiB5b3UgYXJlIG1hcHBpbmcg
YSByZW1vdGUgcHJpbnRlciB1c2luZyB0aGUgY3JlZGVudGlhbHMgb2Ygc29tZW9uZSBvdGhl
ciB0aGFuIGN1cnJlbnQgdXNlciwgeW91IGNhbiBzcGVjaWZ5IDxpPnN0clVzZXI8L2k+IGFu
ZCA8aT5zdHJQYXNzd29yZDwvaT4uPGJyPg0KPC9kZD4NCjxkdD4NCjxpPnN0clBhc3N3b3Jk
PC9pPjwvZHQ+DQo8ZGQ+DQpJZiB5b3UgYXJlIG1hcHBpbmcgYSByZW1vdGUgcHJpbnRlciB1
c2luZyB0aGUgY3JlZGVudGlhbHMgb2Ygc29tZW9uZSBvdGhlciB0aGFuIGN1cnJlbnQgdXNl
ciwgeW91IGNhbiBzcGVjaWZ5IDxpPnN0clVzZXI8L2k+IGFuZCA8aT5zdHJQYXNzd29yZDwv
aT4uPC9kZD4NCjwvZGw+DQo8aDQ+RXhhbXBsZTwvaDQ+DQo8cHJlPlNldCBXc2hOZXR3b3Jr
ID0gV3NjcmlwdC5DcmVhdGVPYmplY3QoJnF1b3Q7V3NjcmlwdC5OZXR3b3JrJnF1b3Q7KQ0K
V3NoTmV0d29yay5BZGRQcmludGVyQ29ubmVjdGlvbiAmcXVvdDtMUFQxJnF1b3Q7LCAmcXVv
dDtcXFNlcnZlclxQcmludDEmcXVvdDsNCjwvcHJlPg0KPGhyIGNsYXNzPSJpaXMiIHNpemU9
IjEiPg0KPHAgYWxpZ249ImNlbnRlciI+PGVtPjxhIGhyZWY9Ii9paXNoZWxwL2NvbW1vbi9j
b2xlZ2FsLmh0bSI+JmNvcHk7IDE5OTcgYnkgTWljcm9zb2Z0IENvcnBvcmF0aW9uLiBBbGwg
cmlnaHRzIHJlc2VydmVkLjwvYT48L2VtPjwvcD4NCjwvQk9EWT4NCjwvSFRNTD4NCj==
--J5Ub3kNH8iW9si6Oi8vEI809Vq9--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message