Klez sneaks by POP3 Scanner

Discussion in 'NOD32 version 1 Forum' started by harrier47, Jan 19, 2003.

Thread Status:
Not open for further replies.
  1. harrier47

    harrier47 Registered Member

    Joined:
    Jan 19, 2003
    Posts:
    2
    Location:
    Pacific Northwest USA
    So, I get this "Undeliverable Mail" from "Postmaster at AOL."

    No alarms go off, but it has two harmless attachments, and a third, a small file named "PAS" no extension. I save it to disk, check with NOD32, to find it ID'd as Win32/JKlez.

    Now, I assume it got by the POP3 scanner since it had no extension. Is it launchable without an extension? (I didn't try it, it's gone now.)

    J Smith
     
  2. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    Klez usually travels as a self-executing script in the body of an email. It sounds like your attachment was the Klez script in non-executable form. NOD32 would ignore it unless you scanned for files without extensions, as it was harmless in that state.
     
  3. harrier47

    harrier47 Registered Member

    Joined:
    Jan 19, 2003
    Posts:
    2
    Location:
    Pacific Northwest USA
    Thankee, sir. I suspected as much, but hadn't encountered this particular wrinkle to the pesky Klez.

    J Smith
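
The behaviour discussed in this thread, an extension-based filter never looking at an attachment that has no extension, sketched as an added example (not code from the thread or from NOD32). The extension list, the magic-number table and the sample message are constructed assumptions; the thread does not say what the "PAS" file actually contained.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage

# Assumed extension filter, for illustration only (not NOD32's real list).
SCANNED_EXTS = {".exe", ".scr", ".pif", ".bat", ".com"}
# Small constructed magic-number table: leading bytes -> content type.
MAGIC = [(b"MZ", "pe-executable"), (b"PK\x03\x04", "zip"), (b"%PDF", "pdf")]

def sniff(payload: bytes) -> str:
    """Classify by leading bytes instead of by file name."""
    for magic, label in MAGIC:
        if payload.startswith(magic):
            return label
    return "unknown"

def triage(raw: bytes):
    """Return (filename, skipped_by_extension_filter, sniffed_type) per attachment."""
    rows = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if name is None:          # body parts and containers have no filename
            continue
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()   # "" when there is no extension
        rows.append((name, ext not in SCANNED_EXTS, sniff(payload)))
    return rows

def missed_executables(raw: bytes):
    """Attachments the extension filter skips although the content is executable."""
    return [n for n, skipped, kind in triage(raw) if skipped and kind == "pe-executable"]

def build_sample() -> bytes:
    """Constructed message: inert bytes, only the first two mimic a PE header."""
    msg = EmailMessage()
    msg["Subject"] = "Undeliverable Mail"
    msg.set_content("constructed test body")
    for name, data in (("notice.txt", b"harmless text"), ("PAS", b"MZ" + b"\x00" * 62)):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for row in triage(build_sample()):
        print(row)
    print("missed:", missed_executables(build_sample()))
```

Classifying by content rather than by name is what closes the gap: the extensionless attachment is reported even though the name-based filter would have skipped it.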
     