[CW] W32.Klez.e@MM virus

David J Ring Jr [email protected]
Tue, 23 Apr 2002 18:31:48 -0400


Ken,

Can the Klez virus not only spoof mailing addresses, but can it spoof IP
addresses?

Since I already said that it can spoof mailing addresses, I am guessing that you 
are meaning that it can spoof IP addresses as well, so that the message header
isn't of any use?

PLS CONFIRM !!!

73

DR

On 23 Apr 2002 at 16:04, Ken Lotts wrote:

I thought you might be interested to know that according to
"www.antivirus.com" the Klez virus does in fact spoof
addresses.

From the www.antivirus.com site:

"Similar to the other KLEZ variants, this worm can change or spoof the
original email address in the FROM: field. It obtains the email addresses
that it places in the FROM: field from the infected user's address
book. This causes a non-infected user to appear as the person who has sent
this worm's malicious email. It does this to hide the real sender of the
infected email."

As postmaster for an ISP, I am seeing numerous situations of spoofed
return addresses in Klez virus messages, causing all sorts of erroneous
finger pointing.  

Ken Lotts aa7jc
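
Added example, not part of either e-mail above: on the question of what the message header is still good for when From: is spoofed, the Received: lines written by your own mail servers record the peer IP they actually saw, whatever the From: field claims. The sketch below reads that hand-off IP from a constructed message; every hostname, address and the `trusted_hosts` parameter are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message whose From: names a bystander. All hosts and
# addresses are made up (reserved example domains and documentation IP ranges).
SAMPLE = """\
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
\tby mailstore.isp.example with ESMTP id A1; Tue, 23 Apr 2002 16:00:05 -0400
Received: from alice-pc (dialup-77.other.example [198.51.100.77])
\tby mx1.isp.example with SMTP id B2; Tue, 23 Apr 2002 16:00:01 -0400
Received: from bob.victim.example ([203.0.113.5])
\tby relay.fake.example with SMTP; Tue, 23 Apr 2002 15:59:00 -0400
From: bob@victim.example
To: carol@isp.example
Subject: constructed sample

body
"""

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_sender(raw, trusted_hosts):
    """Return (claimed From address, IP that connected to our first trusted hop).

    Received: headers are prepended, so the top ones were written by our own
    servers. Walk down while the 'by' host is ours; the last such header
    records the external peer. Everything below it was supplied by the sender
    and cannot be relied on.
    """
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    handoff_ip = None
    for hdr in msg.get_all("Received", []):
        by = BY_RE.search(hdr)
        if not by or by.group(1).lower() not in trusted_hosts:
            break  # left our own infrastructure; stop trusting
        ip = IP_RE.search(hdr)
        handoff_ip = ip.group(1) if ip else None
    return claimed, handoff_ip

if __name__ == "__main__":
    # Hypothetical set of hosts the postmaster operates.
    print(trace_sender(SAMPLE, {"mailstore.isp.example", "mx1.isp.example"}))
```

The hand-off IP identifies the machine that delivered the message to your server, which is the address to report to the owning ISP instead of the person named in From:.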