Watch out, KLEZ is about.

    To All

    I have received at least 4 KLEZ virus attacks from people using this message board. I know they were not sent deliberately. Please be careful when opening attachments to emails, especially when there is no text in the message section.

    Keith Hubert
    London.
    Regards
    Keith Hubert
    Alpha Guild Member
    London.
    KHDB Management Systems
    Skype = keith.hubert


    For your day-to-day Needs, you Need an Alpha Database!

    #2
    RE: Watch out, KLEZ is about.

    Keith,

    Following on to our e-mails, does anyone think that someone has gotten hold of this message board? Every item has a link to e-mail with addresses attached. How Tempting!!!

    Tom

    Comment


      #3
      RE: Watch out, KLEZ is about.

      This particular virus is quite volatile - As a Tech Support guy I can tell you that I have personally cleared this virus from over 400 pc's in the past month. Most of these do not have any antivirus software, others simply forget to upgrade the software that they do have. This means that we are all likely to get this virus at some time.

      *** Make sure that you have an antivirus program and update it as frequently as possible.***
      If It Works First Time, There's Something Wrong!!!

      Comment


        #4
        RE: Watch out, KLEZ is about.

        Spoke to one of our salesmen yesterday- he was whacked by a virus that did a number on his HDD. I asked him when he last updated his virus definitions. He hadn't done it since installing the av program. Unfortunately I think this is pretty common. If you have dial up, downloading new defs every few days is a pain and most (or at least many) don't bother.

        Can't happen here!

        I wonder if perhaps the structure of the board could be changed to not allow the email addresses to be accessed directly. Maybe the Alpha server could filter access to them so anyone trying to collect them in bulk would be denied. Just a thought.

        I have to set up a new email server in the next few days, maybe I'll learn something applicable to this.

        Russ

        Comment


          #5
          RE: Watch out, KLEZ is about.

          There are many changes we'd like to see made to the message board system and your suggestion is one of them. But playing with PHP code written by someone else isn't our priority right now even though we do have the raw PHP talent to do it. If it was, you guys would still be waiting for the V5 release ;)

          What we are planning to do instead is create a new message board using the Alpha Five Application Server once it is ready. This will help us test the product under a real-world load as well as let everyone see the Application Server in action. This is still a couple of months away, but all suggestions for improvements are welcome.

          -Lenny

          Lenny Forziati
          Vice President, Internet Products and Technical Services
          Alpha Software Corporation

          Comment


            #6
            RE: Watch out, KLEZ is about.

            I trust the following will be of help.

            WORM_KLEZ

            Details:

            All KLEZ variants, except WORM_KLEZ.B, are mass-mailing worms. They mail themselves to specified addresses by sending SMTP commands to an SMTP server. The worm exploits a vulnerability that opens an executable attachment even in Microsoft Outlook's preview pane. More information about this vulnerability is available at Microsoft Security Bulletin and a security update is available at Microsoft's Security Update.

            WORM_KLEZ.B enables a remote user access to its infected computer.

            All KLEZ variants, except WORM_KLEZ.B, are multi-threaded worms, where each thread performs a predefined task such as network infection or emailing. WORM_KLEZ.B spawns multiple copies of itself in memory.

            I. Propagation

            Where it obtains target email addresses from:
            KLEZ variants .A, .C, and .D obtain recipients from the entries in the default Windows Address Book (WAB). It retrieves the filename of the WAB file from the following registry entry:
            HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name =

            Variants .A, .E, .F, .G, .H, and .I also gather addresses from the following files in the infected computer: MP8, EXE, SCR, PIF, BAT, TXT, HTM, HTML, WAB, DOC, XLS, CPP, C, PAS, MPQ, MPEG, BAK, MP3.

            Variants .A, .C, and .D use the following SMTP server to send emails:
            smtp.yahoo.com
            smtp.hotmail.com
            smtp.sina.com

            Variants .E and .F obtain a SMTP server using the domain name of the email address used in the From: field of the email it sends. For example, if the From: field of the email is [email protected], then it uses smtp.somewhere.com to send its spoofed email.

            Variants .G, .H, and .I obtain a SMTP server from the registry as follows:
            HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Accounts\, SMTP Server

            The address used in the FROM field:
            Variants .A, .C, .D, .E, and .F take the address from a list that is stored in the worm body. The list changes for each variant.

            Variants .G, .H, and .I obtain email addresses to place in the FROM: field from the infected user's address book. This causes a non-infected user to appear as the person who has sent this worm's malicious email. It does this to hide the real sender of the infected email.

            Mail Subject
            Variants .A, .C, and .D compose the email subject line from a list in the worm's body. This list is the same for each of these three variants.

            Variants .E and .F compose the email subject line from a list in the worm's body. This list is the same for variants .E and .F.

            For variants .G, .H, and .I, the subject of the email is composed in a complex manner, but also taken from a list in the worm's body.

            Mail Body
            For variants .A, .C, and .D the message body is as follows:
            I'm sorry to do so,but it's helpless to say sorry.
            I want a good job,I must support my parents.
            Now you have seen my technical capabilities.
            How much my year-salary now? NO more than $5,500.
            What do you think of this fact?
            Don't call my names,I have no hostility.
            Can you help me?

            Variants .E, .F, .G, .H, and .I generate a random mail body

            II. Payload

            For variants .A, .C, and .D, on the 13th day of any odd month (January, March, May, July, September, November), the worm attempts to execute its destructive payload. For all fixed and remote drives, it overwrites all files with zeros. This worm routine has a bug in generating the drives, however, and therefore fails to perform the task. The size of the original file does not vary. For each drive the worm sleeps for 30 minutes.

            For variants .E and .F, on the 6th day of any odd month, this worm searches the fixed and remote drives for files having the following extensions, and then attempts to overwrite these files with garbage code: TXT, HTM, HTML, WAB, DOC, XLS, CPP, C, PAS, MPEG, MPG, BAK, MP3, JPG.

            Variants .B, .G, .H, and .I have no payload

            III. Killing Antivirus Processes in Memory
            Variants .A, .C, and .D kill running processes and occasionally delete the executable files of programs associated with some antivirus products. The list is the same for variants .A, .C, and .D.

            Variants .E, .F, .G, .H, and .I kill running processes and occasionally delete executable files of programs associated with some antivirus products. The list is the same for variants .E, .F and .H.

            IV. Network Infection
            The worm is capable of spreading via shared drives/folders with read/write access. To accomplish this, it enumerates all the shared resources of an infected system. For each entry, it copies itself to files with randomly generated filenames. Variants .A, .C, .E, .F, .G, .H, .I are capable of this.

            Variants .B and .D are not capable of network infection

            V. Dropped virus
            Variants .A, .B, .C, and .D drop PE_ELKERN.A

            Variants .E, .F, and .G drop PE_ELKERN.B

            Variants .H and .I drop PE_ELKERN.D

            WORM_KLEZ.H
            WORM_KLEZ.I

            copied from http://www.trendmicro.com/vinfo/security/klez_descrip.htm

            Comment
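As an added example (not part of the original thread or of the Trend Micro description quoted above), here is a mail-triage check in Python built on the two traits the thread names: a message with no text and an executable attachment. The extension list, the media-type mismatch heuristic, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Attachment extensions that run when opened on Windows (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com"}
# Declared media types that should never carry an executable file name.
MEDIA_TYPES = {"audio", "image", "video"}


def triage(raw_bytes):
    """Return the reasons a raw mail message looks like a worm mailing."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []

    # Trait 1: no text in the message section.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    if not text:
        reasons.append("empty-body")

    # Trait 2: an attachment whose file name is directly executable.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if os.path.splitext(name)[1] in EXECUTABLE_EXTS:
            reasons.append("executable-attachment:" + name)
            # Added heuristic: executable name hidden behind a media type.
            if part.get_content_maintype() in MEDIA_TYPES:
                reasons.append("type-mismatch:" + part.get_content_type())
    return reasons


def build_sample(body, filename=None, maintype="application", subtype="octet-stream"):
    """Construct a sample message (placeholder addresses and payload)."""
    m = EmailMessage()
    m["From"] = "colleague@example.org"
    m["To"] = "me@example.org"
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder bytes", maintype=maintype,
                         subtype=subtype, filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("\n", "setup.exe", "audio", "x-wav")))
    print(triage(build_sample("Screenshot attached.\n", "error.png", "image", "png")))
```

The sender address is deliberately not checked: as the description notes, some variants fill the From: field from the infected user's address book, so a familiar sender is not evidence that a message is safe.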


              #7
              RE: Watch out, KLEZ is about.

              That sounds great! looking forward to it.

              Russ

              Comment


                #8
                RE: Watch out, KLEZ is about.

                I received at least 4 (more!) KLEZ virus attacks last night!
                Peter
                AlphaBase Solutions, LLC

                [email protected]
                https://www.alphabasesolutions.com


                Comment


                  #9
                  RE: Watch out, KLEZ is about.

                  Chris,

                  Even with a current update, Norton does not catch these critters upon arrival. By any chance, can you elaborate a bit on this?

                  kenn
                  TYVM :) kenn

                  Knowing what you can achieve will not become reality until you imagine and explore.

                  Comment


                    #10
                    RE: Watch out, KLEZ is about.

                    As far as I know Norton WILL catch the virus as it has for me several times ... Symantec updates their virus definitions once a week on Wednesdays .. so update every Thurs AM and you will be fine. DO NOT rely on autoupdate as it only updates the virus definitions and not the antivirus program itself. This virus exploits a "hole" in Norton so updating using live update as opposed to autoupdate is a MUST!!

                    I have attached the removal tool for this virus that you can run to check your system and rid it of the virus if it's found. MAKE SURE TO USE THIS IN SAFE MODE or it cannot remove all of the virus.

                    If you're afraid to use my attachment you can find the tool at: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

                    Have a virus free day :)

                    Comment


                      #11
                      RE: Watch out, KLEZ is about.

                      DUHHHHHHHHHHHH I forgot to attach the file ...lol

                      Hope Richard doesn't pick on me for this too :)

                      Comment
