[R-390] [Fwd: Virus: W32Klez.gen@mm]

Greg Werstiuk [email protected]
Mon, 29 Apr 2002 21:55:40 -0700 

Klez has become quite virulent.  Number of reported cases has been
exploding.

Klez takes any address book entries or other email addresses it finds on
infected systems and uses them to forge the "From:" header in the emails it
sends to propagate itself.  People are getting "yelled" at as being infected
because the recipient isn't sophisticated enough to realize the "From:" is
forged rather than coming from the displayed sender.

In addition to possibly having infected emails sent to you, you may receive
bogus "bounce" messages.

If the destination address in a klez email is invalid, the bounce goes back
to the forged address rather than the real sender.  The receieved bounce
messages may make one think one is virus infected when one is not.  In
addition, opening the attachment returned in the bounce can infect one.

- greg

-----Original Message-----
From: [email protected] [mailto:[email protected]]On
Behalf Of Walter (Volodya) Salmaniw
Sent: Monday, April 29, 2002 5:51 PM
To: Harry G. Leisk
Cc: [email protected]
Subject: Re: [R-390] [Fwd: Virus: W32Klez.gen@mm]


At 12:51 PM 4/29/2002 -0700, Harry G. Leisk wrote:


>"Harry G. Leisk" wrote:
>
> > To my address book:
> >
> > Re:  virus Klez.gen@mm
> >
> > I don't want to upset anyone, but my Norton Anti-Virus email scanner has
> > intercepted and quarantined this nasty email attachment virus nine times
> > since April 25, 2002 on my incoming messages.

I've had the same experience, Harry, sometimes three or four incoming
messages one after another, each one with the same virus, also intercepted
by Norton.  Not sure how they got my email address.  Since changing from
@home to shaw.ca, the volume of spam has decreased 95%, and I've had no
viruses until very recently.....Walt.


--- StripMime Report -- processed MIME parts ---
multipart/alternative
  text/plain (text body -- kept)
  text/html
The reason this message is shown is because the post was in HTML
or had an attachment. Attachments are not allowed.
Please post in Plain-Text only.---
_______________________________________________
R-390 mailing list
[email protected]
http://mailman.qth.net/mailman/listinfo/r-390