[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fw: (ET) Virus in Forwarded Mail



Thanks, Dave, for clarifying some things I had neglected to mention. Some 
of
the messages even came from postmaster@someserverIdon'tremember. It said
that a message I had sent was being returned to me due to an error. The
attachment to those messages, which contained the virus, were said to be
emails I had sent and were rejected. I didn't recognize the user name or 
the
server name on any of them, so Klez is busily spoofing addresses on
someone's server and sending them to every address that it can find, which
evidently includes mine and some others on this list. I'm thankful for
Norton Anti Virus-- I can see that it checks everything that goes out as
well as all that comes in.

Herb Crary

----- Original Message -----
From: David Roden (Akron OH USA) <roden ald net>
To: Elec-trak Mail List <elec-trak cosmos phy tufts edu>
Sent: Monday, June 10, 2002 7:43 AM
Subject: Re: (ET) Virus in Forwarded Mail


> On 9 Jun 2002 at 22:06, Herb Crary wrote:
>
> > I have received five emails in the last two days that Norton Anti Virus
has
> > detected a virus in. It is in an attached file called BGCOLOR.pif; the
virus
> > is W32Klez.H@mn, I believe. I have deleted each email that contained it
for
> > safety. Someone who posts to the Elec-trak has had their computer
infected.
>
> Just to be 100% clear here, none of these has been posted to the list.
Herb
> is receiving these messages directly from the victim, not from the list.
So
> if you haven't received them please don't feel left out.  <g>
>
> The Klez worm is able to spoof the "from" address in emails, stealing the
> addresses from files and emails it finds on the victim's computer.  I've
> received emails from a couple of friends, warning me that my computer
> supposedly has a virus because they received Klez worms with my name on
> them.  'Taint so.  My computer is clean, and the mail headers show that
the
> messages don't originate with my ISP.  Klez is sullying my good name.  
> <g>
>
> Apparently someone to whom Herb has sent email in the past is infected,
and
> has the ET list's posting address somewhere in his computer.  The sender
> could be an ET list member, but could just as well not be.  Someone could
> have forwarded a copy of a post to him, or CCed him on a post.  As long 
> as
> the address is on a file somewhere in his computer, Klez will find it.
>
> But it never hurts to run an extra virus scan, just in case.  Of course 
> if
> you're running Linux, Windows 3.1, or some other less common OS or
variant,
> you don't have to worry about this.
>
>
> David Roden - Akron, Ohio, USA
> 1991 Solectria Force 144vac
> 1991 Ford Escort Green/EV 128vdc
> 1970 GE Elec-trak E15 36vdc
> 1974 Avco New Idea 36vdc
> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> Thou shalt not send me any thing which says unto thee, "send this to all
>
> thou knowest."  Neither shalt thou send me any spam, lest I smite thee.
>
> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
>
> Est. yearly US cost to safeguard Persian Gulf oil supply: $50 billion
>
> Est. 2001 value of US crude oil imports from Persian Gulf: $19 billion
> -- Harper's Index, April 2002
> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
>
>
>