Security Basics mailing list archives

Re: GroupWise - Guinevere - Klez.H traffic Increase


From: Brian Eckman <eckma009 () umn edu>
Date: Thu, 13 Mar 2003 08:10:37 -0600

My former department here runs Guinevere and GroupWise. In February, Klez.H accounted for 83.8% of the viruses/worms blocked by Guinevere. This month so far it's 86%. Nelson Labs uses a program that I wrote to post their Guinevere stats to the Web. Between February and March, Klez.H accounts for well over half of the viruses/worms blocked.

Programme d'Analyse des Troupeaux Laitiers du Québec also posts their Guinevere results online, and while not tabulated, it looks like more than half were Klez.H. Texas A&M Extension does as well, but it looks like they aren't up to date.

Sophos lists Klez.H as the top virus of February 2003. So, it appears to be all in a day's work.

Brian

Eric Zatko wrote:
Good afternoon my friends.

I am wondering if any of you can shed some light on this bit of information that I have. Here is the background:

We are running GroupWise e-mail... with Guinevere antivirus scanner for inbound and outbound Internet e-mail... which integrates with our Norton AV to detect, block and/or clean messages.

We are getting more and more e-mail each and every day that is being blocked/cleaned/stripped of attachments containing the Klez.H virus.

Now, one of two things appears to be happening... either we are being targeted for some reason (intentionally or unintentionally), or there is an increase in Klez.H traffic... which would be amazing since it (the original Klez.A) has been in the wild for such a long time (October, 2001).

Any thoughts... ideas... or advice?

My sincere thanks in advance.
Eric




