Security Basics mailing list archives

RE: GroupWise - Guinevere - Klez.H traffic Increase


From: "dave" <dave () netmedic net>
Date: Thu, 13 Mar 2003 18:18:37 -0500

Funny, wormwatch is still not showing it; maybe they are a little behind.....

http://www.wormwatch.org/




 
_____________________
Dave Kleiman
dave () netmedic net
www.netmedic.net

 


-----Original Message-----
From: Mike Heitz [mailto:mikeheitz () upshotmail com] 
Sent: Wednesday, March 12, 2003 20:31
To: Eric Zatko; security-basics () securityfocus com
Subject: RE: GroupWise - Guinevere - Klez.H traffic Increase

Eric,
 
That's pretty interesting mainly because I've noticed a definite decrease in
the number of Klez hits on my scanning gateway. Usually when I see a lot of
hits it's because one of our vendors or clients has gotten infected and they
have pretty much everyone in my office listed in their address books. My
"guess" is that you have something similar going on here. Have you been able
to determine if the hits are coming from specific email domains, or if they
are coming from sites all over?
 
Mike Heitz CCNA, MCP
Sr IT Manager

        -----Original Message----- 
        From: Eric Zatko [mailto:EZatko () co lucas oh us] 
        Sent: Tue 3/11/2003 3:35 PM 
        To: security-basics () securityfocus com 
        Cc: 
        Subject: GroupWise - Guinevere - Klez.H traffic Increase
        
        

        Good afternoon my friends.
        
        I am wondering if any of you can shed some light on this bit of
        information that I have. Here is the background:

        We are running GroupWise e-mail... with Guinevere antivirus scanner
        for inbound and outbound Internet e-mail... which integrates with our
        Norton AV to detect, block and/or clean messages.

        We are getting more and more e-mail each and every day that is being
        blocked/cleaned/stripped of attachments containing the Klez.H virus.

        Now, one of two things appears to be happening... either we are
        being targeted for some reason (intentionally or unintentionally), or
        there is an increase in Klez.H traffic... which would be amazing since
        it (the original Klez.A) has been in the wild for such a long time
        (October, 2001).
        
        Any thoughts... ideas... or advice?
        
        My sincere thanks in advance.
        Eric
        
        



