[Lowfer] to Jay Rusgrove, John Jesse, Bill Ashlock, Mike Staines and the group very important

John Davis [email protected]
Sun, 22 Dec 2002 12:40:07 -0500


>It does appear that somehow whatever does this is sucking names from
>reflectors now?
>


Not really, Paul.  The way these worms work is by finding names in your
e-mail client's address book.  These can be senders of mail you've received
in the past or recipients of your own mail.  The virus may put any of those
in the To and From fields of the phony messages it sends out.

I can't find any actual examples of Klez in mail getting through the
reflector.  If that's what was in the message allegedly sent by Bill Ashlock
under the subject "((zzWindow !" this morning, for instance, the virus
didn't get through because it depends on HTML code to load itself and start
doing its nasty deeds.  The reflector doesn't pass HTML.

It's possible, though, that you'll find infected messages *pretending* to
have come through the reflector, because many of these varmints pick up the
subject lines of actual past messages, complete with things like "Re:
[Lowfer]" in front of the verbiage.

John
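
The two observations in the message above (the reflector doesn't pass HTML, and forged mail may copy a "[Lowfer]" subject tag) can be combined into a simple filter check. This is an added example, not part of the original post; the sample messages, addresses and label names are constructed for illustration.

```python
from email import message_from_string

LIST_TAG = "[lowfer]"  # subject tag quoted in the post, lowercased for matching

def has_html(msg):
    """True if any MIME part of the message is text/html."""
    return any(p.get_content_type() == "text/html" for p in msg.walk())

def classify(raw):
    """Label a raw message. From/To are ignored: the post says they are forged."""
    msg = message_from_string(raw)
    tagged = LIST_TAG in (msg.get("Subject") or "").lower()
    html = has_html(msg)
    if tagged and html:
        # Carries the list tag but has HTML, which the reflector does not pass.
        return "spoofed-list-tag"
    if html:
        return "html-direct"
    if tagged:
        # Plain text with the tag: consistent with the reflector, not proof.
        return "consistent-with-reflector"
    return "untagged-plain"

def build(subject, html):
    """Construct a sample message (constructed test data, not real mail)."""
    head = ("From: member@example.org\nTo: reader@example.org\n"
            f"Subject: {subject}\nMIME-Version: 1.0\n")
    if not html:
        return head + "Content-Type: text/plain\n\nSignal report below.\n"
    return (head + 'Content-Type: multipart/alternative; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nhello\n"
            "--b1\nContent-Type: text/html\n\n<html><body>hello</body></html>\n"
            "--b1--\n")

SAMPLES = {
    "list-plain": build("Re: [Lowfer] beacon heard", html=False),
    "forged-tag": build("Re: [Lowfer] beacon heard", html=True),
    "direct-html": build("hello", html=True),
    "direct-plain": build("hello", html=False),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13s} -> {classify(raw)}")
```

A "consistent-with-reflector" result only means the message does not contradict the reflector's plain-text behaviour; the subject tag alone is not evidence of origin.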