Virus Alert: W32.Klez.gen@mm 04/29/2002
The purpose of this virus ALERT is to make the College community aware of a computer virus that has the potential to destroy computer files, disable computer functions, or otherwise disrupt normal business operations, patient care services, or academic pursuits at Massasoit Community College.

Virus Name: W32.Klez.gen@mm
[aka: None at this time]

Platform: Windows

Brief Summary:
W32.Klez.gen@mm is a generic detection that detects variants of W32.Klez. Computers that are infected with W32.Klez.gen@mm are most likely infected with either W32.Klez.E@mm or W32.Klez.H@mm. Please refer to the appropriate write-ups for more information.

Here is another virus to be prepared for.
'Vote virus' poses as plea for peace
By Robert Lemos
ZDNet News - September 24, 2001 3:00 PM PT

Security experts on Monday warned of a new file-deleting virus masquerading as a program that allows people to vote on whether the United States should go to war. The "Vote Virus" is spreading via e-mail to users of Microsoft's Outlook e-mail program, said Simon Perry, vice president of security solutions at Computer Associates International.

The virus appears with the subject line: "Peace between America and Islam!" and the body of the e-mail reads: "Hi. Is it a war against America or Islam!? Let's vote to live in peace!" Perry said. When the attachment entitled "WTC.exe" is opened, the virus deletes all the files on the computer's hard drive and sends copies of the original e-mail message to every address listed in the computer's address book, he said. The virus also defaces any Web pages that are hosted by an infected computer to read: "America...few days will show you what we can do!!! It's our turn Zaker is so sorry for you."The virus is believed to be the work of an opportunist and not associated with the Sept. 11 jetliner attacks on the World Trade Center and the Pentagon that left more than 6,000 people dead or missing."There is no evidence that this is related to the people who carried out" the attacks, Perry said. "We feel this is likely to get quite a high pickup in that a lot of people are going to click on this," he said. "If the news about this doesn't get out before people get their e-mails, they're at risk."Perry said he expects there will be more socially engineered viruses created in the future that will take advantage of people's interest in the attacks and the subsequent political and military repercussions. "What this is, is a sick sense of humor," Perry said. "Chances are this is not any kind of cyberterrorism. It's just cyberterror."

As many as 10 large corporate customers of Computer Associates have been infected since the virus first appeared Monday morning, Perry said. Researchers do not know where it originated, but it has not yet hit Europe and Asia, he said.

W32.Sircam Virus
In late July and early August, a worm infected several campus computers. (A computer worm is a program that can spread copies of itself or its segments to other computer systems.) The worm W32.Sircam.Worm@MM is a threat to networked computers and shared computer files. "Sircam" arrives as an email, appears innocent and friendly, but is very contagious and can do damage to your system and files.

Your electronic mailbox may have a copy of the infected email waiting to attack your machine. Unfortunately, we could not “fix” this problem because of the privacy concerns associated with entering individual e-mail accounts.

When you read your email, beware of any mail that has the following form:
Subject: A random statement that will have the name of the attached file in the subject.
Attachment: A file taken from the previously infected computer with a file extension type - .bat; .com; .lnk; or .pif added to its name.
Message: The body of the mail will contain one of the following two lines in either Spanish or English:

First Line: Hola como estas?
Last Line: Nos vemos pronto, gracias.

First Line: Hi! How are you?
Last Line: See you later. Thanks

Between those lines something like the following may appear:
Spanish Version:
Te mando este archivo para que me des tu punto de vista Espero me puedas ayudar con el archivo que te mando Espero te guste este archivo que te mando Este es el archivo con la informacion que me pediste

English Version:
I send you this file in order to have your advice I hope you can help me with this file that I send I hope you like the file that I send you This is the file with the information that you ask for

IMMEDIATELY DELETE ANY SUCH MAIL. DO NOT OPEN THE ATTACHMENT!

IF ANYTHING OUT OF THE ORDINARY APPEARS IN YOUR EMAIL, SHUTDOWN YOUR COMPUTER, AND CALL THE HELPDESK - X 1139, IMMEDIATELY.

The worm is very active, and can be damaging. Do not postpone the call.

Magistr Virus
Virus researchers have discovered a new variant of the destructive Magistr virus that destroys local and network files and can also overwrite data stored on the CMOS and BIOS chips. Known as Magistr.B, the new virus arrives in an e-mail and can carry multiple message attachments. The virus itself is contained in a file called readme.exe, and the user must open the file for the virus to execute.

The virus is reported to be spreading quickly in Europe, but has not been seen in the United States yet, anti-virus vendors say. The virus is a variant of the original Magistr.A virus, which has been around since early 2000 and is still one of the most common viruses on the Internet. In addition to destroying files, Magistr.B also overwrites win.com and NETLDR, the operating-system loaders for Windows, and destroys any file with a .ntz extension, which are files used by AV software, according to an alert released by security vendor Vigilinx Inc.

The new virus also disables any active copies of Zone Labs Inc.'s ZoneAlarm personal firewall that it finds. The virus spreads via e-mail and generates random subject lines of up to 60 characters. Unlike many other mass-mailing viruses, Magistr.B can pull addresses from the files of several e-mail clients, including Outlook, Outlook Express, Eudora, Netscape Messenger and some Web-based mail clients.