Re: Question Re: Klez

From: " Mark Strelecki, ACP" <be6-507@nospam.strelecki.com>
Date: Thu, 22 Aug 2002 17:59:04 -0400


Klez fakes the return address of the sent (infected) email.

From www.symantec.com -

"Because this worm does use a randomly chosen address that it finds on an
infected computer as the "From:" address, numerous cases have been reported
in which users of uninfected computers receive complaints that they have
sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with
W32.Klez.E@mm; Linda is not using an antivirus program or does not have
current virus definitions. When W32.Klez.E@mm performs its emailing routine,
it finds the email address of Harold Logan. It inserts Harold's email
address into the "From:" line of an infected email that it then sends to
Janet Bishop. Janet then contacts Harold and complains that he sent her
infected email, but when Harold scans his computer, Norton AntiVirus does
not find anything--as would be expected--because his computer is not
infected.

If you are using a current version of Norton AntiVirus, have the most recent
virus definitions, and a full system scan with Norton AntiVirus set to scan
all files does not find anything, you can be confident that your computer is
not infected with this worm."

--
Mark Strelecki,  ACP          BE6.XP1097.020817
Computing and Programming Since 1975
http://www.strelecki.com/links.html
I MAKE IT GO!  ©
"fooman" <fooman@chu.com> wrote in message
news:X1b99.135843$SS.5915184@bin3.nnrp.aus1.giganews.com...
> yes and no.... your antivirus client is catching them...but if you got the
> one most likely you are going to get others from the same source.   Your
> best bet is to look at the FULL mail header and see who the original sender
> is and contact them.  Listed below is a KLEZed email header the bolded is the
> REAL email address.  If you know the person that is sending you the KLEZed
> emails tell them to update their AV definitions but they will have to run the
> KLEZ repair tool first.
>
> Eric
>
>
>
> Return-Path: <kelle@cut.net>
> Received: from cut.iserver.net ([161.58.12.67]) by ice
> (Messaging Server) with ESMTP id H06JTO00.IRL for
> <msuarez>; Thu, 1 Aug 2002 13:37:00 -0600
> Received: from Bcdteg ([65.203.16.115]) by cut.iserver.net (8.11.6) id
> g71JaBf27549 for <msuarez>; Thu, 1 Aug 2002 13:36:12 -0600 (MDT)
> Date: Thu, 1 Aug 2002 13:36:12 -0600 (MDT)
> Message-Id: <200208011936.g71JaBf27549@cut.iserver.net>
> From: gin706 <gin706@yahoo.com>
> To: msuarez
> Subject: Hello,msuarez,welcome to my hometown
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary=G4h5823Dh8w468
> Content-Type: text/html;
>
>
>
> "dudiefluke" <dudiefluke@hotmail.com> wrote in message
> news:797801c24956$97911cc0$9ae62ecf@tkmsftngxa02...
> Many Thanks
>
> >-----Original Message-----
> >
> >Yes.
> >
> >Just be certain to keep updating your antivirus definition files.
> >
> >I do it DAILY, and I also use Norton AV.
> >
> >
> >
> >
> >--
> >
> >Mark Strelecki,  ACP          BE6.XP1097.020817
> >Computing and Programming Since 1975
> >http://www.strelecki.com/links.html
> >I MAKE IT GO!  ©
> >
> >
> >
> >"dudiefluke" <dudiefluke@hotmail.com> wrote in message
> >news:691d01c2489d$e7d31170$9ae62ecf@tkmsftngxa02...
> >> Recently received an e-mail with the W32Klez virus. My
> >> Norton AV detected it and after failing to repair it
> >> quarantined it. I deleted the e-mail and deleted the
> >> quarantined file, am I safe now? Norton AV reports no
> >> virus but would like to be sure. Many Thanks.
> >
> >
> >.
> >
>
>

