Security Basics mailing list archives

RE: GroupWise - Guinevere - Klez.H traffic Increase


From: "Mike Heitz" <mikeheitz () upshotmail com>
Date: Wed, 12 Mar 2003 19:31:28 -0600

Eric,
 
That's pretty interesting mainly because I've noticed a definite decrease in the number of Klez hits on my scanning 
gateway. Usually when I see a lot of hits it's because one of our vendors or clients has gotten infected and they have 
pretty much everyone in my office listed in their address books. My "guess" is that you have something similar going on 
here. Have you been able to determine if the hits are coming from specific email domains, or if they are coming from 
sites all over?
 
Mike Heitz CCNA, MCP
Sr IT Manager

        -----Original Message----- 
        From: Eric Zatko [mailto:EZatko () co lucas oh us] 
        Sent: Tue 3/11/2003 3:35 PM 
        To: security-basics () securityfocus com 
        Cc: 
        Subject: GroupWise - Guinevere - Klez.H traffic Increase
        
        

        Good afternoon my friends.
        
        I am wondering if any of you can shed some light on this bit of information that I have. Here is the background:
        
        We are running GroupWise e-mail... with Guinevere antivirus scanner for inbound and outbound Internet e-mail... which integrates with our Norton AV to detect, block and/or clean messages.
        
        We are getting more and more e-mail each and every day that is being blocked/cleaned/stripped of attachments containing the Klez.H virus.
        
        Now, one of two things appears to be happening... either we are being targeted for some reason (intentionally or unintentionally), or there is an increase in Klez.H traffic... which would be amazing since it (the original Klez.A) has been in the wild for such a long time (October, 2001).
        
        Any thoughts... ideas... or advice?
        
        My sincere thanks in advance.
        Eric
        
        

