CUBAN  INFORMATION  ARCHIVES




DOCUMENT  0334

Cuban Secret police Logo

| Site MENUBack to Cuban Terrorism MENU | Quick File Index |


CUBAN CYBER TERRORISM:
A REAL CASE

WE MUST BE UPSETTING SOME CUBAN COMMIES
POSSIBLY WITH THE TRUTH

NOTE: If you received an email with cuban-exile.com as the sender,
it is part of the Cuba campaign to disrupt this site.
We do NOT use this address for email.


Subject: Worm Klez.E immunity
   Date: Sun, 18 Aug 2002 19:18:45 -0400 (EDT)
   From: ojito <ojito@escambray.esiss.colombus.cu>
     To: webmaster@cuban-exile.com

Klez.E is the most common world-wide spreading worm. It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic, most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once, and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm, some AV monitor maybe cry when you run it.
If so, Ignore the warning, and select 'continue'.
If you have any question, please mail to me.



When we received the above, it seemed normal and our anti virus did not detect any virus which it usually does with the Klez.

We had received similar messages in the past to go to a site which would provide an anti virus program.  We deleted them.  We also have received other emails containing this virus with bogus names.  We recommend that you delete any email with a CU ending.  It's part of Castro's Cyber Terrorism war.
We receive about two virus infected emails per day. It has also been noted that these emails often come from countries other than Cuba, such as Italy, Spain, Denmark, Sweden, France, etc.

When the above was forwarded, it went out as a file size of 151k. This seemed funny so we stopped the email from being sent and checked it. It seemed normal so we sent it to two places with virus detection programs for incoming emails.  Our Norton and other virus programs didn't pick up anything. Evidently the virus is not activated unless the email is forwarded or the recipient clicks on the link, which was "please mail to me".   We received the following back from the two recipients.


Subject: Virus Alert
   Date: Sun, 18 Aug 2002 20:09:03 -0500 (EST)
   From: helpdesk@[deleted].edu
     To: <webmaster@cuban-exile.com>

The mail message with the attached file (file: rowspan.pif) you <webmaster@cuban-exile.com> (or your system) sent to <An@[deleted].edu> contained the virus WORM_KLEZ.H.  Please check your system for possible virus infection.
----------------------------------------------------------------------------------------------------------------------
Subject: Virus Alert
   Date: Sun, 18 Aug 2002 20:08:55 -0500 (CDT)
   From: gatewayadmin@[deleted].com
     To: <webmaster@cuban-exile.com>

The mail message (file: rowspan.pif) you sent to <por@[deleted].com> contains a virus.
The message was not delivered.


In 2005 a new campaign has been launched from Cuba by sending email with virus with a return address as cuban-exile.com
IT'S FROM CUBA!
We do NOT use this address for email.


END  Document

Copyright 1998-2014 Cuban Information Archives. All Rights Reserved.