Security Basics mailing list archives

GroupWise - Guinevere - Klez.H traffic Increase

From: "Eric Zatko" <EZatko () co lucas oh us>
Date: Tue, 11 Mar 2003 16:35:29 -0500

Good afternoon my friends.

I am wondering if any of you can shed some light on this bit of information that I have. Here is the background:

We are running GroupWise e-mail... with Guinevere antivirus scanner for inbound and outbound Internet e-mail... which 
integrates with our Norton AV to detect, block and/or clean messages.

We are getting more and more e-mail each and every day that is being blocked/cleaned/stripped of attachments containing 
the Klez.H virus.

Now, one of two things appears to be happening... either we are being targeted for some reason (intentionally or 
unintentionally), or there is an increase in Klez.H traffic... which would be amazing since it (the original Klez.A) 
has been in the wild for such a long time (October, 2001).

Any thoughts... ideas... or advice?

My sincere thanks in advance.
Eric

Current thread:

GroupWise - Guinevere - Klez.H traffic Increase Eric Zatko (Mar 12)
- RE: GroupWise - Guinevere - Klez.H traffic Increase Mark Rossman (Mar 13)
- Re: GroupWise - Guinevere - Klez.H traffic Increase Brian Eckman (Mar 13)
- <Possible follow-ups>
- RE: GroupWise - Guinevere - Klez.H traffic Increase Mike Heitz (Mar 13)
  - RE: GroupWise - Guinevere - Klez.H traffic Increase dave (Mar 17)
- RE: GroupWise - Guinevere - Klez.H traffic Increase Adam Shephard (Mar 13)