IMPORTANT: A Windows virus is spreading through the Tiki Community

**IMPORTANT: There’s a virus going around that infects email programs. It is not tiki-specific, but it has managed to make its way into the inboxes of Tiki Central members, so it’s making it’s way around the Tiki social circles right now. **

Since the virus panic, I thought I’d post some stuff about the Virus here. I deleted the old thread because it had a lot of incorrect information and required a lot of reading to get to the straight dope.

• Fact: Tiki Central was NOT affected. Your email address, entered in the Tiki Central database, is safe from the virus.

• Fact: Tiki Central does not use an address book. It uses a SQL database running on a Unix server. The Klez virus runs on Windows with Intel processors. The Tiki Central software does not receive any email. There’s no way this virus can affect Tiki Central.

• Fact: I use Yahoo Mail for my personal email and it is completely up to date with anti-virus software that scans (and inoculates) every email received. Additionally, my guess is Yahoo servers don’t run on Windows. I am confident that Yahoo mail cannot be infected with Klez.

• Fact: Klez has many different variants, but it commonly fakes the “from:” address so it looks like it is coming from a person who it didn’t. So chances are if you get an infected email, it DIDN’T actually come from the person the email says it did. I didn’t spread the Klez virus to anyone. Tiki Central email addresses are well protected.

There is a LOT of misinformation about this virus. Don’t believe most of what you read. In general, anti-virus websites have the straight dope on it. I didn't know much about the virus until today when I read up on it on a couple of different anti-virus websites.

**What you can do to protect yourself: **

• If anyone (even someone you know) sends you an attachment, don’t open it unless you’ve checked it with a virus checker.

• Watch out for double extensions on attachments. Klez masks it’s virus files this way. A “JPG” photo with a double extension like this: Tikibar.jpg.exe is not a JPG picture at all but actually an executable file that could be a virus. DO NOT click it.

• Outlook has a flaw where you can get the virus just by reading the email containing the infected attachment. If you use Outlook as your email reader, make sure it is up to date. You can use Windows Update (usually the topmost item in the start bar), or try this link: http://www.microsoft.com/windows/ie/downloads/critical/q323759ie/default.asp

• I encourage everyone to get an up-to-date virus checker. I use Norton (it doesn’t just check email but it checks web pages, hard drives, and installed software). It has kept me from getting webpage viruses and email viruses. Norton updates itself every few days to make sure it is up-to-date.

And, just to clear things up, when I was first contacted about the virus going around a few Tiki Central members I didn’t think to post about it here. This is because this virus is about a year old and I assumed most people had anti-virus software that would catch it. Plus, since it didn’t originate from Tiki Central servers I didn’t think it would have spread through the Tiki community like it has. I’ve learned to not underestimate the power of a virus.

Here’s a web page that contains a lot of details on Klez, including screenshots, sample subject lines, and more:

http://www.europe.f-secure.com/v-descs/klez.shtml

Hope all this helps,

Hanford

[ Edited by: hanford_lemoore on 2003-02-03 13:42 ]

One more thing to add:

If you're on a Macintosh, you have nothing to worry about, whatsoever.
Just delete it.

Macs are Klez-proof (and MOST-other-virus-proof), since Klez and most other viruses are written for PCs.

One more reason to switch...

Whew....

When I read the subject line I thought you ment the clap was going around or something.

Also, thanks James for easing my mind on the Mac situation. I got the virus and and it didn't end up working on my Mac. I hope you all see the same luck that I saw.

Come to think of it, KLEZ sounds like a good name for the clap!

"That guy gave me Klez. Not too Zazz of him!"

Great suggestions, Hanford, but I have one more:

Keep your Windows software up-to-date with Windows Update. Most viruses take advantage of vulnerabilities in Windows and Microsoft programs like Outlook and Internet Explorer. To update Windows simply go to "Start/Windows Update" or in IE use "Tools/Windows Update", say "Yes" to security warnings, and install all Critical Updates - but always back up your important files before doing so. Anti-virus programs are still useful for newer viruses but the vulnerability that the KLEZ worm takes advantage of was removed a long time ago in a Windows Critical Update patch. Be sure and get an anti-virus program that automatically downloads updates at least daily. Good programs are made by Symantec, Trend Micro, and Norton.

Or buy a Mac! I am the IT manager at my work and we use strictly Windows PCs but at home I have always used a Mac and have never been attacked by a virus.

Jab,

Good point. But according to the websites I read, although Klez can take advantage of the flaws in Outlook, it is not limited by it. Even if you have a fully updated version of Outlook, or you're not using Outlook at all, if you open the attachment, you'll still get infected with Klez.

At least that's what I understood from the virus websites I checked out.

If you do use a Mac, you should still run up-to-date anti-virus software. It only takes 1 virus (no matter how rare) to ruin your day/month/career etc.

Likewise, I have been using Windows heavily since 1993 and I have never been infected with a virus thanks to Anti-virus software and never opening attachments other than GIF or JPG.

~Hanford

Yeah that's true about the infection Hanford. The virus will also infect your executable file .exe's. Therefore everytime you launch an infected program you are reinfecting yourself, which will start to slow your PC down considerably. Usually the exe files I have seen that were infected were the ones that launch quickbooks, MS access, scanner software and kodak software. You just have to reload the programs after the virus has been removed. As a matter of fact i am removing it from 2 people' machine as I write this. Ahh KLEZ the anti-ZAZZ

One safe way to deal with this. Delete any attachment you were not specifically expecting. Aside from viruses, attachments can also include things you do not want on your computer, such as "trojan horse" programs that only send out one email, containing passwords, credit card numbers, etc. There are also programs that allow a remote user to use you and your internet connection as a host to trade in illicit materials. I say delete all mail with atachments. you can then, in a seperate mail you can ask what it was, and they can send it again. If it was from someone you don't know, you didn't want it anyway.

Just to let you all know, I got the Klez today. I took Poly Pop's advice last week and added the aaaa address. Also my Norton Anti-virus software took care of the problem automatically. That's cool.

Yet another security tip for those of us using Windows and Outlook Express (most of us probably): after getting version 6, open the Tools > Options menu and go to the "Read" tab. Un-tick the box that says "Automatically download the message when viewing in the Preview Pane". this prevents the virus from executing when you highlight the new email. You can also tick the boxes in the "Security" tab that read "Warn me when other applications try to send mail as me", and "Do not allow attachments to be saved or opened that could potentially be a virus". This last is the only setting that will completely prevent you from accessing attachments, so if you've received one you know you were meant to, just go back to Tools > Options and un-tick it.

safe and happy mailing,
emspace.

Another tip, along the lines of "buy a Mac", is that Eudora is proof against these windows viri. try replacing Outlook with Eudora from http://www.eudora.com , and the basic version's free.

Go to http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=klez+eudora
Eudora can bring in the virus just as well as Outlook or Outlook express. Eudora is not a solution. It may or may not forward the infected email to others in your address book, but you will suffer from the virus. It will overwrite .exe files running in place of them, making your machine slower and slower. I have customers that use it because they were not satified with IE or Outlook. I have removed the Klez from all of their machines that got email, and installed an antivirus to run and check all new and changed files. Save some money, buy an anti-virus. In the long run it's cheaper that way. You won't have to pay someone to remove the virus, won't have to reinstall programs and will know you are not spreading the viruses. I use Panda Software's Titanium. Updates whenever there is an internet connection. Also updates daily.
http://www.pandasoftware.com/products/titanium/
No I don't work for them, I am just a satisfied customer.

Tacky Techie Tiki Bar

[ Edited by: Turbogod on 2003-02-19 10:21 ]