[Dshield] Klez any one

stephen galowski sgalow at ihug.com.au
Fri Aug 23 01:36:32 GMT 2002


what you can do is install or purchase nod32 
and install it catches the viruses in bound as it scan them all for you 
stephen

  ----- Original Message ----- 
  From: Daniels566 at cs.com 
  To: list at dshield.org 
  Cc: Daniels566 at cs.com 
  Sent: Friday, August 23, 2002 8:25 AM
  Subject: [Dshield] Klez any one


  Hello everyone, My wife who is in the Pet Rescue Business received an e-mail response from an associate rescuer that my wife's machine was compromised with the Klez virus in an attachment she received from my wife. Well I know the machine but just being cautious I spent 3 Hr. digging and nada thing in there. ( I shoyed of stuck with my first intuition) I asked this person to forward me the e-mail she received so I could look over the header. As it turned out, The heading was similer to my wifes e-mail address but wrong mail server (IP)  I contacted the original IP which is Juno and it turned out it was forged as well as the e-mail address and they said it never came through them. This is a copy of the contents and the return path.
  Message Start
  Forwarded Message:
  Subj: A nice game 
  Date: 8/18/02 9:36:10 PM Eastern Daylight Time
  From: adoptapet2 at juno.com
  To: Wolves5149 at aol.com
  Received from Internet: click here for more information

  This is a special nice game
  This game is my first work.
  You're the first player.
  I expect you would enjoy it.

  >My wifes e-mail is adoptapettasap at cs.com She also has a web site with MSN
    http://msnusers.com/adoptapetasap. it leads me to suspect that AOL/MS are the ones that are compromised <

  Return-Path: <adoptapet2 at verizon.net>
  Received: from  rly-xg02.mx.aol.com (rly-xg02.mail.aol.com [172.20.115.199]) by air-xg01.mail.aol.com (v87.22) with ESMTP id MAILINXG13-0818213610; Sun, 18 Aug 2002 21:36:10 -0400
  Received: from  out003.verizon.net (out003pub.verizon.net [206.46.170.103]) by rly-xg02.mx.aol.com (v87.22) with ESMTP id MAILRELAYINXG25-0818213515; Sun, 18 Aug 2002 21:35:15 -0400
  Received: from Pgcdjo ([205.152.62.117]) by out003.verizon.net
            (InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP
            id <20020819013544.XWIF13272.out003.verizon.net at Pgcdjo>
            for <Wolves5149 at aol.com>; Sun, 18 Aug 2002 20:35:44 -0500
  From: adoptapet2 <adoptapet2 at juno.com>
  To: Wolves5149 at aol.com
  Subject: A  nice game
  MIME-Version: 1.0
  Content-Type: multipart/alternative;
  boundary=Khaz84sDP3z0cb68Cj9W63C5597938
  Message-Id: <20020819013544.XWIF13272.out003.verizon.net at Pgcdjo>
  Date: Sun, 18 Aug 2002 20:36:15 -0500

  I have the package but not the least bit interested right now to tear it down. If any one is interested I can forward it to you.
  Contact me  john, e-mail:  adoptapettasap at cs.com
  John Daniels

  When they breed a dog that can sniff e-mail I'll buy two! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20020823/8153c1db/attachment.htm


More information about the list mailing list