[Dshield] Klez any one

John Groseclose iain at caradoc.org
Fri Aug 23 14:24:50 GMT 2002

At 9:53 PM -0500 8/22/02, Dave wrote:
>We've had a whole bunch of Klez bounce off our gateway scanner, and 
>the vast majority of them seem to be coming from verizon.net.  In 
>fact, the header posted is very similar to ones that I have pulled 
>locally.  Maybe we can get Verizon to shut down the open-relay 
>servers they are running..?  The virus seems to be using them at an 
>abnormally high rate...

The use of the Verizon mailservers appears to be hardcoded into Klez. 
When the virus is unable to connect to any mailservers, it 
automatically falls back to attempting the Verizon mailservers 
because they're open relays.

John Groseclose
iain at caradoc.org

