[Elecraft] OT - E-MAIL SUPPOSEDLY FROM GARY SURRENCY!!!

[Tom Hammond NØSS]

Folks:

I just received an e-mail which was MARKED as though I'd had been semt from 
Gary Surrency <gary@elecraft.com>. However is was NOT from Gary, AND it 
contained the KLEZ.H virus...!

I am including (below) a copy of the text of the message, but NOT the 
virus-infected file!!!

   Return-Path: <dbandora@tiscalinet.it>
Received: from mail.tiscali.it ([195.130.225.153])
	by eagle (EarthLink SMTP Server) with ESMTP id 17KsP41pL3NZFji0
	for <n0ss@earthlink.net>; Thu, 29 Aug 2002 10:11:09 -0700 (PDT)
Received: from Gtuncfmo (62.11.91.179) by mail.tiscali.it (6.5.026)
         id 3D6DC79B000373B5 for n0ss@earthlink.net; Thu, 29 Aug 2002 
19:11:03 +0200
   Date: Thu, 29 Aug 2002 19:11:03 +0200
         (added by postmaster@mail.tiscali.it)
Message-ID: <3D6DC79B000373B5@mail-7.tiscalinet.it> (added by 
postmaster@mail.tiscali.it)
   From: gary <gary@elecraft.com>
   To: n0ss@earthlink.net
   Subject: A  powful tool
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary=Cl83SbXy9UV4g6

   Content-Type: text/html;

   Hello,This is a very powful tool
   I hope you would like it.

   Attachment: OUT.BAT

It was the ATTACHMENT file (OUT.BAT) which contained the KLEZ.H virus.

Please be aware that, just because the message APPEARS to come from a 
friend or from someone you feel you can trust, it may still not be a 
'friendly' message.

Note the Return-Path: line in the message header... the return path is NOT 
back to Gary... that's another warning of a potential threat. Additionally 
the language of the text (and spelling) were rather suspect as well.

I'm not certain why, but my virus scanning program (PC-Cillin) FAILED to 
catch this bomb. However, I visually caught it before it could do damage.

BEWARE.

73,

Tom  N0SS