[CW] W32.Klez.e@MM virus
Ken Lotts
[email protected]
Tue, 23 Apr 2002 17:06:41 -0700 (MST)
Sorry David,
No IP address spoofing ...Boy that would be one sophisticated virus if it
did that too!
Email address spoofing is what I was witnessing (via my server logs and
many concerned users) ...and reporting to you about.
73 de Ken
aa7jc
On Tue, 23 Apr 2002, David J Ring Jr wrote:
> Ken,
>
> Can the Klez virus not only spoof mailing addresses, but can it spoof IP
> addresses.
>
> Since I already said that it can spoof mailing addresses, I am guessing that you
> are meaning that it can spoof IP address as well, so that the message header
> isn't of any use?
>
> PLS CONFIRM !!!
>
> 73
>
> DR
>
> On 23 Apr 2002 at 16:04, Ken Lotts wrote:
>
> I thought you might be interested to know that according to
> "www.antivirus.com" the Klez virus does in fact spoof
> addresses..
>
> >From the www.antivirus.com site:
>
> "Similar to the other KLEZ variants, this worm can change or spoof the
> original email address in the FROM: field. It obtains the email addresses
> that it places in the FROM: field from the infected user's address
> book. This causes a non-infected user to appear as the person who has sent
> this worm's malicious email. It does this to hide the real sender of the
> infected email."
>
> As postmaster for an ISP, I am seeing numerous situations of spoofed
> return addresses in Klez virus messages ..causing all sorts of erroneous
> finger pointing.
>
> Ken Lotts aa7jc
>
> _______________________________________________
> CW mailing list
> [email protected]
> http://mailman.qth.net/mailman/listinfo/cw
>