[Dshield] Re: Klez anyone?
ellen at dgi.com
Sat Aug 24 16:39:11 GMT 2002
> On Thu, 2002-08-22 at 19:53, Dave wrote:
> > For the more knowledgeable virus types out there: Can the Klez virus forge
> > the IP in this line:
> > >>Received: from Pgcdjo ([184.108.40.206]) by out003.verizon.net
> > The name is obviously bogus, but if that IP is logged by the Verizon SMTP
> > server, then we have the IP of the infected machine. It sounds too good to
> > be true.
Klez doesn't have control over what's in the , (or the name that appears
*inside* the parens if there is one - which there isn't here.)
It's the one thing you can generally rely on when dealing with Klez.
Senior System Administrator
More information about the list