[Dshield] Klez any one

John Groseclose iain at caradoc.org
Thu Aug 22 23:08:24 GMT 2002


* Daniels566 at cs.com <Daniels566 at cs.com> [020822 15:42]:
> Hello everyone, My wife who is in the Pet Rescue Business received an e-mail 
> response from an associate rescuer that my wife's machine was compromised 
> with the Klez virus in an attachment she received from my wife. Well I know 
> the machine but just being cautious I spent 3 Hr. digging and nada thing in 
> there. (I should have stuck with my first intuition.) I asked this person to 
> forward me the e-mail she received so I could look over the header. As it 
> turned out, the heading was similar to my wife's e-mail address but wrong mail 
> server (IP). I contacted the original IP which is Juno and it turned out it 
> was forged as well as the e-mail address and they said it never came through 
> them. This is a copy of the contents and the return path.

Klez is known to forge headers when sending itself. Just check your own machine, and if it's clean, forget about it.

I'm working on getting my own mailserver to simply > /dev/null any Klez warnings at all - it's been around long enough now that if you've got it, you probably shouldn't be using a computer anyway.



