RE: GroupWise - Guinevere - Klez.H traffic Increase :VSMail mx5

["Lisa LAFLEUR" <LLafleu () firstfedamerica com>]

When this variant first came out, I read an article on why and how it
has become so popular.  I remember reading that someone must be seeding
this virus because by itself it could not have become so big, so fast. 
I honestly believe that seeding this virus is still a very active
practice for whoever is responsible for this virus and that is why we
continue to get hit.  Perhaps, the person(s) simply backed off for
awhile, but when other viruses threatened the top spot, he began to seed
the virus again.   Just my opinion, but there has to be some catalyst
and to me that points right back at the creator.

Lisa B. Lafleur, CNE, CISSP
Data Security Administrator
FIRSTFED
One FIRSTFED Park
Swansea, MA 02777
(508) 235-1770

> > > Adam Shephard <adams () firstfederalbanking com> 3/13/2003 11:08:34 AM
I have to chime in as one who has been seeing increased Klez activity
as
well. Only thee or four a day but, considering we were going for a
period
with none, it does make me curious.

> -----Original Message-----
> From: Mike Heitz [mailto:mikeheitz () upshotmail com] 
> Sent: Wednesday, March 12, 2003 8:31 PM
> To: Eric Zatko; security-basics () securityfocus com 
> Subject: RE: GroupWise - Guinevere - Klez.H traffic Increase
>
>
> Eric,
>  
> That's pretty interesting mainly because I've noticed a 
> definite decrease in the number of Klez hits on my scanning 
> gateway. 
<snip>
>       -----Original Message----- 
>       From: Eric Zatko [mailto:EZatko () co lucas oh us] 
>       Sent: Tue 3/11/2003 3:35 PM 
>       To: security-basics () securityfocus com 
>       Cc: 
>       Subject: GroupWise - Guinevere - Klez.H traffic Increase
>       
<snip>
>       
>       We are getting more and more e-mail each and every day 
> that is being blocked/cleaned/stripped of attachments 
> containing the Klez.H virus.
<snip>
>