ZYRA's front page //// INTERNET //// e-mails //// site index

Also see: anti-virus measures

This item is a special feature of the ROGUES GALLERY OF SUSPICIOUS E-MAILS

Klez-E Immunity

You might be tempted to believe that there is a helpful person called Bethany at Niagara.com who is sending this free virus-immunity tool out to everyone at random. The question is then, why send it to harvested e-mail addresses and why include a random file from off the Internet somewhere? Also, why not reply to your e-mails?

This is in fact a very cunning way of fooling you into running a virus. Of course you don't have to believe me, you can just RUN IT, but if you do then your machine will probably start sending out messages to everyone pretending to give away a free Klez E worm immunity tool.

<attachments: All.pif , plus a random file grabbed off the Net>

----- Original Message -----
From: bethany
To: <your harvested e-mail here>
Sent: Tuesday, April 23, 2002 3:07 AM
Subject: Worm Klez.E immunity

Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me.

If you receive this, here's what to do: Don't run it, but instead look at the DETAILS in the PROPERTIES. This will reveal whose machine has actually sent it to you, ie the previous victim. E-mail them with a polite message informing them that their machine has caught a virus. On the e-mail that I received like this I had to word the response very carefully so as not to say anything that could be "content rejected".

Also, at PC Pitstop they say "Virus Warning May 3: The Klez.I worm has reached epidemic levels worldwide. Please make sure Outlook and Outlook Express use the Restricted zone, per our standard recommendations Don't be fooled by messages that tell you to run an attachment as an antidote to the worm -- they are the worm."

Another interesting point here is the consistency or lack of it. In the e-mail, the Klez-E is supposed to be so clever it can not be detected by Anti-Virus Software, however later in the same e-mail we read that the immunity tool acts as a fake worm which the software CAN detect!

But what about the GENERAL CASE? How can you tell if any message is or is not genuine? One of the easiest ways is to copy unique-looking bits of the message into a search engine and see if anyone has written about it being a hoax. A cleverer approach is to look at who the message appears to be from and then contact them by a method other than those described in the message. Ideally, when making your mind up about the truth or falsehood of things, get several independent sources of information about them.

Also see: anti-virus measures

And if you have any comments on any of this, or if you have anything to add, please e-mail