[EIDXA] Klez Virus
Lew Gordon
[email protected]
Mon, 13 May 2002 19:51:36 -0500
>The EIDXA list server has received several dozen messages which appear to
>have been generated by the Klez virus. I believe this is also called the
>.W32 virus. I don't believe any of them have managed to make it out on the
>list as the mailman software requires that I approve any message that does
>not meet certain rules like "no text" in the case of .W32.
>
>The first strange message I received was from KE0MO and it may have been
>a .W32. K0JGH definitely had a problem and I talked to Glen and he believes
>he has it cleaned up. I also received one message from K4VX. Others have
>not been indefinable as far as the source.
Jim,
This virus steals an address book from an infected computer and then
randomly chooses an address that it finds as the "From:" address. Numerous
cases have been reported in which users of *uninfected* computers receive
complaints that *they* have sent an infected message to someone, when in
fact, they did not.
With this ability to spoof the email FROM: field, the sender's address used
by the virus may be one that was found on the infected user's system.
Thus, it may appear that you have received this virus from one person, when
it was actually sent from a different user's system. Viewing the entire
email header will display the actual sender's address.
I have received about 10 notices from my ISP that it has intercepted the
virus and deleted it, but about three have made it into my e-mail where
McAfee intercepted them and I deleted them. I upgrade my DAT file at least
once a week. Everyone should.
73,
Lew, K4VX
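
An added example, not part of the original message: one way to do the full-header check described above, comparing the visible From: address with the envelope sender and the relay recorded in the Received: line. The sample message, the host names and the function origin_report are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): From: names a bystander whose
# address was taken from an address book; the envelope sender and the
# relay hop point at a different system.
SAMPLE = """\
Return-Path: <infected-user@isp-a.example>
Received: from pc17 (dialup-42.isp-a.example [192.0.2.42])
\tby mx.list.example with SMTP id CONSTRUCTED1;
\tMon, 13 May 2002 18:02:11 -0500
From: Bystander <bystander@isp-b.example>
To: list@list.example
Subject: constructed sample

(body omitted)
"""

# "from HELO (reverse-dns [ip])" is a common Received: layout; other mail
# servers format this differently, so treat the pattern as an assumption.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def origin_report(raw):
    """Summarise who the message claims to be from versus how it arrived."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    # Return-Path reflects the SMTP envelope sender. It can also be forged,
    # so the Received: line written by your own mail server is the part to
    # rely on when tracing the sending machine.
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    hops = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_FROM.search(" ".join(hdr.split()))  # unfold the header
        if m:
            hops.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)})
    return {
        "from": from_addr,
        "envelope_sender": envelope,
        "hops": hops,
        "from_mismatch": bool(envelope) and domain(from_addr) != domain(envelope),
    }

if __name__ == "__main__":
    print(origin_report(SAMPLE))
```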