[Dshield] Klez any one

Daniels566@cs.com Daniels566 at cs.com
Thu Aug 22 22:25:32 GMT 2002


Hello everyone, My wife who is in the Pet Rescue Business received an e-mail 
response from an associate rescuer that my wife's machine was compromised 
with the Klez virus in an attachment she received from my wife. Well I know 
the machine but just being cautious I spent 3 Hr. digging and nada thing in 
there. ( I shoyed of stuck with my first intuition) I asked this person to 
forward me the e-mail she received so I could look over the header. As it 
turned out, The heading was similer to my wifes e-mail address but wrong mail 
server (IP)  I contacted the original IP which is Juno and it turned out it 
was forged as well as the e-mail address and they said it never came through 
them. This is a copy of the contents and the return path.
Message Start
Forwarded Message:
Subj: A nice game 
Date: 8/18/02 9:36:10 PM Eastern Daylight Time
From: adoptapet2 at juno.com
To: Wolves5149 at aol.com
Received from Internet: click here for more information

This is a special nice game
This game is my first work.
You're the first player.
I expect you would enjoy it.

>My wifes e-mail is adoptapettasap at cs.com She also has a web site with MSN
  http://msnusers.com/adoptapetasap. it leads me to suspect that AOL/MS are 
the ones that are compromised <
 
Return-Path: <adoptapet2 at verizon.net>
Received: from  rly-xg02.mx.aol.com (rly-xg02.mail.aol.com [172.20.115.199]) 
by air-xg01.mail.aol.com (v87.22) with ESMTP id MAILINXG13-0818213610; Sun, 
18 Aug 2002 21:36:10 -0400
Received: from  out003.verizon.net (out003pub.verizon.net [206.46.170.103]) 
by rly-xg02.mx.aol.com (v87.22) with ESMTP id MAILRELAYINXG25-0818213515; 
Sun, 18 Aug 2002 21:35:15 -0400
Received: from Pgcdjo ([205.152.62.117]) by out003.verizon.net
          (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP
          id <20020819013544.XWIF13272.out003.verizon.net at Pgcdjo>
          for <Wolves5149 at aol.com>; Sun, 18 Aug 2002 20:35:44 -0500
From: adoptapet2 <adoptapet2 at juno.com>
To: Wolves5149 at aol.com
Subject: A  nice game
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary=Khaz84sDP3z0cb68Cj9W63C5597938
Message-Id: <20020819013544.XWIF13272.out003.verizon.net at Pgcdjo>
Date: Sun, 18 Aug 2002 20:36:15 -0500

I have the package but not the least bit interested right now to tear it 
down. If any one is interested I can forward it to you.
Contact me  john, e-mail:  adoptapettasap at cs.com
John Daniels

When they breed a dog that can sniff e-mail I'll buy two!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20020822/4527094a/attachment.htm


More information about the list mailing list