Re: new way of delivering virii?


Subject: Re: new way of delivering virii?
From: James Zuelow (e5z8652@zuelow.net)
Date: Sat Jun 22 2002 - 12:28:08 AKDT


----- Original Message -----
From: "Buddha" <buddha@gci.net>
To: <aklug@aklug.org>
Sent: Saturday, June 22, 2002 10:36 AM
Subject: new way of delivering virii?

> I just received this message from GCI's mail system regarding an email I
> never sent in the first place. I don't even know who
> jblagg@stupiditytak.net is and that domain doesn't exist according to

I would guess that it is a later version of the Klez virus. Klez picks
a random address from the infected computer's address book for both the
recipient address and to use in the From: header field. So if User A
has a computer that is infected, Klez may send a virus from that
computer that is addressed to User B, but has a From: header stating the
message is from User C. This has the effect of sending any "you have a
virus" messages to User C, instead of User A - so User A does not
realize there is a problem.

However Klez isn't smart enough to spoof the original IP address. The
IP address is a clue to who has the actual infection (well, you can
determine their ISP anyway), and the fact that both you and the e-mail
address in the From: header are in their address book is another small
clue. In other words, good luck finding them if the IP address resolves
to a dialup pool. I would just ignore it & hope the person with the
Klez infection eventually updates their virus signatures.

Cheers,

James
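
The point in the reply above about the IP address being the reliable clue, as an added example that is not part of the original message: it reads the Received: chain of a bounced message and reports the address that handed the mail to your own servers, next to the From: address, which the sender can set freely. The sample message, host names, documentation-range IPs and the `own_networks` parameter are constructed assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample message: every host, address and IP here is made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby mail.recipient.example with ESMTP id abc123; Sat, 22 Jun 2002 10:30:02 -0800
Received: from Zkfg (dialup-42.isp.example [203.0.113.42])
\tby mx.recipient.example with SMTP id def456; Sat, 22 Jun 2002 10:30:00 -0800
From: User C <userc@third.example>
To: User B <userb@recipient.example>
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def triage(raw, own_networks):
    """Return the From: address and the first IP outside our own networks.

    Received: headers are prepended by each relay, so the list is newest
    first. Hops recorded by our own servers are trustworthy; anything below
    the first outside IP was written by someone else and may be forged.
    """
    msg = email.message_from_string(raw)
    nets = [ipaddress.ip_network(n) for n in own_networks]
    handoff = None
    for hop in msg.get_all("Received", []):
        # Only look at the "from ..." part, not the "by ..." part.
        from_part = re.split(r"\s+by\s+", hop, maxsplit=1)[0]
        m = BRACKETED_IP.search(from_part)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:      # e.g. [999.1.1.1] in a malformed header
            continue
        if not any(ip in n for n in nets):
            handoff = str(ip)
            break
    return {"claimed_from": parseaddr(msg.get("From", ""))[1],
            "handoff_ip": handoff}

if __name__ == "__main__":
    print(triage(SAMPLE, ["198.51.100.0/24"]))
```

A reverse lookup or whois on the reported IP then identifies the ISP to notify, which is as far as the headers alone can take you.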
