Security Basics mailing list archives

Re: GroupWise - Guinevere - Klez.H traffic Increase :VSMail mx5


From: "Lisa LAFLEUR" <LLafleu () firstfedamerica com>
Date: Thu, 13 Mar 2003 09:06:27 -0500

Good to talk to someone else using GroupWise and Guinevere!

Anyway, I have had frequent spurts of traffic from Klez H.  It is still
the most popular and it doesn't take long at all to tell why.  If one
person's home computer has the Klez virus and also happens to have many
of the people in your company on their address book, then, you will
start getting tons of email.  Always from a different sender, always to
the same individuals.  All you can really do is wait until the truly
infected person figures out that they have a virus.  It can be a long
wait.  

I would speak to the users who are getting the message and see if you
can identify a list of suspects with whom all of the individuals have
had contact.  In any case, thank the lord you use GroupWise and not
Outlook because I'm sure you realize how much that has saved on virus
prevention!

Lisa Lafleur, CISSP, CNE

"Eric Zatko" <EZatko () co lucas oh us> 3/11/2003 4:35:29 PM >>>
Good afternoon my friends.

I am wondering if any of you can shed some light on this bit of
information that I have. Here is the background:

We are running GroupWise e-mail... with Guinevere antivirus scanner for
inbound and outbound Internet e-mail... which integrates with our Norton
AV to detect, block and/or clean messages.

We are getting more and more e-mail each and every day that is being
blocked/cleaned/stripped of attachments containing the Klez.H virus.

Now, one of two things appears to be happening... either we are being
targeted for some reason (intentionally or unintentionally), or there is
an increase in Klez.H traffic... which would be amazing since it (the
original Klez.A) has been in the wild for such a long time (October,
2001).

Any thoughts... ideas... or advice?

My sincere thanks in advance.
Eric
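
The triage suggested in the reply above (find the contacts that all of the repeatedly targeted recipients have in common), as an added example that is not part of the original thread. The log tuple layout, the addresses, the contact lists and the thresholds are constructed assumptions, not Guinevere's actual log format.

```python
from collections import Counter, defaultdict

# Constructed sample: (virus name, From address, recipient) rows from a gateway block log.
BLOCKED = [
    ("Klez.H", "a@example.net", "amy@corp.example"),
    ("Klez.H", "b@example.org", "amy@corp.example"),
    ("Klez.H", "c@example.com", "bob@corp.example"),
    ("Klez.H", "a@example.net", "bob@corp.example"),
    ("Klez.H", "d@example.net", "cho@corp.example"),
    ("Klez.H", "e@example.org", "cho@corp.example"),
    ("Klez.H", "f@example.com", "dave@corp.example"),   # single hit: below threshold
    ("Other.X", "g@example.com", "amy@corp.example"),   # different virus: ignored
]

# Constructed sample: outside contacts each targeted user reports when interviewed.
CONTACTS = {
    "amy@corp.example": {"pat@home.example", "vendor@example.org", "sam@isp.example"},
    "bob@corp.example": {"pat@home.example", "sam@isp.example"},
    "cho@corp.example": {"Pat@home.example", "vendor@example.org"},
}

def targeted_recipients(blocked, virus="Klez.H", min_hits=2, min_senders=2):
    """Recipients hit repeatedly by `virus` from several different From addresses."""
    hits, senders = Counter(), defaultdict(set)
    for name, sender, rcpt in blocked:
        if name == virus:
            hits[rcpt.lower()] += 1
            senders[rcpt.lower()].add(sender.lower())
    return {r for r in hits if hits[r] >= min_hits and len(senders[r]) >= min_senders}

def rank_suspects(targets, contacts):
    """Rank outside contacts by how many targeted recipients know them."""
    coverage = Counter()
    for rcpt in targets:
        for contact in {c.lower() for c in contacts.get(rcpt, ())}:
            coverage[contact] += 1
    return sorted(coverage.items(), key=lambda kv: (-kv[1], kv[0]))

def common_suspects(targets, contacts):
    """Contacts known to every targeted recipient: the shortlist to call first."""
    return [c for c, n in rank_suspects(targets, contacts) if targets and n == len(targets)]

if __name__ == "__main__":
    targets = targeted_recipients(BLOCKED)
    print("targeted:", sorted(targets))
    print("ranked:", rank_suspects(targets, CONTACTS))
    print("shortlist:", common_suspects(targets, CONTACTS))
```

The From address on each blocked message plays no part in the ranking, since it changes from one message to the next; only the stable recipient set is used.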

