
28 APR, 2002 - 1910 CDT

I'm loath to post a virus warning as 98 percent of them are false, but this one is real. I have received four emails with attached infected files today. All of them are from hams, three local friends and one Internet acquaintance in Connecticut... so I think you all should be very careful about opening or "previewing" attached files unless you are absolutely certain the file is clean.

The three local messages appeared to be coming from three different people with three different subject headers and three different attached files. But when I expanded the message header, the originating computer (another local friend) was disclosed.

Below is an information excerpt from the McAfee web site. I'm sure there is similar data on the Norton web site.

73 - Dick, W9GIG

==================================================================

Excerpt from McAfee Website:

W32/Klez (Worm) Virus

The worm mails itself to email addresses in the Windows Address Book, plus addresses extracted from files on the victim machine. It arrives in an email message whose subject and body is composed from a pool of (word) strings carried within the virus (the virus can also add other strings obtained from the local machine). For example:

Subject: A very funny website
or
Subject: 1996 Microsoft Corporation
or
Subject: Hello,honey
or
Subject: Initing esdi
or
Subject: Editor of PC Magazine.
or
Subject: Some questions
or
Subject: Telephone number

The file attachment name is again generated randomly, and ends with an .exe, .scr, .pif, or .bat extension, for example:

ALIGN.pif
User.bat
line.bat

Thanks to the use of the exploit described above, simply opening or previewing the message in a vulnerable mail client can result in infection of the victim machine.

W32/Klez.h@MM masquerades as a free immunity tool in at least one of the messages used. Below is the message sent by the virus itself.

Subject: Worm Klez.E Immunity

Body: Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me.

The worm may send a clean document in addition to an infected file. A document found on the hard disk, that contains one of the following extensions, is sent:

.txt .htm .html .wab .asp .doc .rtf .xls .jpg .cpp .c .pas .mpg .mpeg .bak .mp3 .pdf

This payload can result in confidential information being sent to others.

========================================================================
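The two checks described in the message above (attachment names ending in the extensions the excerpt lists, and reading the expanded header to see the originating machine rather than trusting the From line) can be sketched as a small mail triage script. This is an added example, not part of the original post or the McAfee excerpt; the sample message, its host names and addresses, and the `triage` function are constructed for illustration.

```python
import email
from email import policy

# Attachment extensions the excerpt lists for the worm's randomly named file
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".bat")

# Constructed sample message (not a real capture); hosts and addresses are made up
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
    by mx.example.org; Sun, 28 Apr 2002 18:55:00 -0500
Received: from friend-pc (dialup-7.example.net [192.0.2.77])
    by mail.example.net; Sun, 28 Apr 2002 18:54:58 -0500
From: "Someone Else" <someone@example.com>
Subject: Some questions
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream; name="ALIGN.pif"
Content-Disposition: attachment; filename="ALIGN.pif"

AAAA
--b1--
"""

def triage(raw):
    """Summarise who a message claims to be from, its first hop, and risky attachments."""
    msg = email.message_from_string(raw, policy=policy.default)
    risky = [
        part.get_filename()
        for part in msg.walk()
        if (part.get_filename() or "").lower().endswith(RISKY_EXTENSIONS)
    ]
    # Each relay prepends its Received header, so the last one is the earliest hop
    received = msg.get_all("Received", [])
    first_hop = " ".join(received[-1].split(";")[0].split()) if received else None
    return {
        "from": msg["From"],
        "subject": msg["Subject"],
        "first_hop": first_hop,
        "risky_attachments": risky,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

When `first_hop` names the same machine across messages that claim different senders, that matches what the post observed on expanding the headers.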