Possible email virus - 'A very nice game'

I’ve been receiving strange emails from people lately. I suspect they’re some form of an email virus. They come from addresses I recognize, and have text similar to:

Hello,This is a nice game
This game is my first work.
You’re the first player.
I hope you would like it.

I can’t find any info on the web in general or on Symantec’s Norton Anti-Virus page. I’ve gotten the email with the identical text from several people - all relatives of mine, so I’m guessing one person is infected and is infecting other people as well.

I have the latest and greatest NAV files, and it’s not detecting anything.

Any ideas?

I have seen that very email.

I opened the file in a hex editor to take a quick peek.

It is almost certainly a trojan horse.

I trashed it. I recommend you do the same. As for your relatives, hopefully someone will come along shortly with clean up instructions.

Man, my email boxes have been flooded with these damn things recently. I’ve received it at least a dozen times in the past 2 days. AVG Antivirus detects it as some sort of worm but I can’t remember the exact name. If your Norton AV files aren’t detecting it, then you might consider downloading AVG (it’s freeware) just to cover all your bases.

I just got yet another one. It’s called I-Worm/Klez.H

It’s definitely Klez. Wired recently had an article about it. You can read it here.

Klez is all over these days. It takes a lot of forms and is annoyingly persistent (and don’t bother telling the person who “sent” you the e-mail – that address is randomly chosen and has nothing to do with the sender).

I’ve received Klez about 40 times in the past 2 months. It’s really annoying. Also annoying about Klez is the FROM: address is not the person who is infected, but a random name from the addressbook of the infected person. Consequently, I’ve received 2 angry e-mails claiming I sent them the virus, when I didn’t. NAV quarantines Klez before it even finishes downloading…and I don’t even have an addressbook.

I was just sent a copy of the worm which claims its attachment is actually for “protecting” against the worm. The body of the text reads:

The attachment is named backgound(1).scr, and is 88k in size, which is the same size as the other infected attachments. So, obviously, this is a copy of the worm which would infect my computer if I ran it, and not a real disinfectant. And my AV monitor would “cry” because it was the real thing.

Weird - I got that and there was nothing attached. How bizarre! I was thinking “This is the dumbest virus writer on Earth.”

I have gotten many of those recently, but they all had “darling” and “sweetheart” and were written up like loveletters. Many have been from the same address. I replied to one and that particular address stopped sending them.

I’m still not sure whether they were sent by the virus on an innocent person’s computer, or someone was forwarding them to me intentionally. I don’t use Microsoft Outlook though so it isn’t really an issue (other than being annoying).

Bumping this because I just received another version, with the accompanying text:

Of course, my fellow dopers are too smart to fall for this noxious bullshit, but perhaps we can help out our more naive friends and family and warn them away.

The Klez virus does email spoofing, so it probably isn’t from the “from” address. If you open up the header, look at the return path; that’s probably who it came from.

Also don’t be lulled if you don’t see an attachment, it keeps them hidden. I use yahoo mail which seems to keep it from spreading automatically. I have to intentionally click “download attachments” to see that there are any. From there I can scan the various files to identify the virus before downloading.
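Added example, not part of the original posts: a Python sketch of the two checks described in the post above, comparing the `From` address with `Return-Path` and listing executable-looking MIME parts even when the mail client shows no attachment. The sample message, the addresses, the file name `game.scr` and the extension list are constructed for illustration.

```python
import email
import os
from email import policy
from email.utils import parseaddr

# Extensions treated as executable on Windows (illustrative list, an assumption).
RISKY_EXT = {".scr", ".pif", ".exe", ".bat", ".com"}

# Constructed sample, not a real capture. The second part has no
# Content-Disposition header, so it is named only through Content-Type.
SAMPLE = (
    b"Return-Path: <cousin-pc@example.net>\r\n"
    b"From: Aunt <aunt@example.org>\r\n"
    b"To: me@example.com\r\n"
    b"Subject: A very nice game\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"This is a nice game\r\n"
    b"--b1\r\n"
    b'Content-Type: application/octet-stream; name="game.scr"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"TVqQAAMAAAA=\r\n"  # 8 placeholder bytes beginning with the "MZ" magic
    b"--b1--\r\n"
)

def triage(raw: bytes) -> dict:
    """Compare From with Return-Path and list executable-looking MIME parts."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    return_path = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    risky = []
    for part in msg.walk():  # walk every part, not only declared attachments
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if ext in RISKY_EXT or body[:2] == b"MZ":  # by name or by PE magic
            risky.append({"filename": name, "size": len(body),
                          "disposition": part.get_content_disposition()})
    mismatch = bool(return_path) and from_addr != return_path
    return {"from": from_addr, "return_path": return_path,
            "sender_mismatch": mismatch, "risky_parts": risky}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `disposition` of `None` on a flagged part means the message never declared it as an attachment, which is one way a part can go unlisted in a mail client.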

I got the “very nice game” message the other day and the attachment was an HTML document (CAWLIZWP.HTM). I opened it in a text editor. It contained some references to the address dgl.microsoft.com. The references were all to little .GIF images of animals. Is the virus somehow hidden “between the lines?” I looked around a little at dgl.microsoft.com and can’t make much sense of it.

I am using a Mac (OSX v10.1.2). Is the klez virus Windows-only??

I also received an email from a stranger with a .JPG of a bright green VW New Beetle. I suppose this is also a virus…

malden

I have gotten emails like this and others, all with different subject lines and sender names, thereby making it impossible to filter them out. :mad: I use Outlook 2000 with the preview pane option on. The window is always blank and there are no attachments that I can see. Even though I never fully open these emails the preview pane is still having to process something in order to view it. NAV doesn’t find anything in them, and last I scanned my hard drive for viruses nothing was found. I’d like to use the preview pane, and I don’t see that these emails are doing any damage to my system, but if someone recommends that I should turn off the preview pane then I will heed his/her advice.

malden

No, that’s a bug.

I got that “game” email. I read it, but I didn’t download any attachments and I use my school’s webmail (with IE) and not Outlook Express. Am I safe?

Klez is a really annoying worm. Apart from the features mentioned above, it can also infect your computer if you use the preview function to view the infected email. Best to turn the preview function off and just delete these emails as soon as they turn up.

Another particularly annoying feature is that it attacks and disables most antivirus software, so you might not realise you’ve got it until your software starts acting up.

It uses a range of about 100 subject lines (like the one about the game or the ones beginning “Darling…”).

My wife got this on our computer the other day and didn’t realise that she had it for a few days. Took me ages to get it off. Had to get a new Klez-specific antivirus script, run the computer in safe mode and run it a couple of times to clean it all off.

Best approach is turn off preview and just delete anything suspicious immediately.