[Adrian ARC] Klez Virus

Mark Hinkleman [email protected]
Tue, 3 Dec 2002 11:29:16 -0500 

It is very likely that someone in the club has the Klez 32 virus. I have =
recieved infected messages that were addressed as being from Joe Pullen =
and Bill Groover. These messages did not come from them, but likely from =
someone who has Me ([email protected]), Joe [email protected] =
and Bill [email protected] in there address book. =20

Please see the below information that was provided by Bob W.

I haven't gotten any, but you have to be careful about guessing the =
message
originator with KLEZ.  It infects a machine, then "spoofs" the mailer,
making it look like someone in the address book is the originator of the
infected mail.  You really can't tell where the message is originating
unless you are really good at reading headers (and have some telepathic
gifts!). While KLEZ might be coming from Joe's machine, it is just as =
likely
that it is coming from some machine that has Joe's name and email =
address in
its address book.

The bottom line is, if your machine is on the net, and you are not =
running
updated antivirus software, then you will be a prime target.  After it =
gets
finished sending itself out to everyone in the address book, it then =
erases
significant chunks of the hard drive, leaving you with a great boat =
anchor.
Bob, K2IBM

Now, I don't know that I have the "telepathic" gifts that Bob speaks of, =
but my best guess is that the originator (virus carrier) has a =
Verizon.net email address. The originator "appears" as =
([email protected] and [email protected])  As you know, these are not =
these guys email addesses. =20

So, why I'm I sending this????  If in your addressbook, you have the =
adresses found in the first paragraph of this message you might be =
infected. I stress the word "Might". To be safe, run a good up to date =
virus checking program. The most recent infected message I got had a =
subject line of "Lets be friends"

Mark NU8Z




--- StripMime Report -- processed MIME parts ---
multipart/alternative
  text/plain (text body -- kept)
  text/html
The reason this message is shown is because the post was in HTML
or had an attachment. Attachments are not allowed.
Please post in Plain-Text only.---