[Dshield] Re: Klez anyone?

Ellen Clary ellen at dgi.com
Sat Aug 24 16:39:11 GMT 2002


> On Thu, 2002-08-22 at 19:53, Dave wrote:
> > For the more knowledgeable virus types out there:  Can the Klez virus forge 
> > the IP in this line:
> >  >>Received: from Pgcdjo ([205.152.62.117]) by out003.verizon.net
> > The name is obviously bogus, but if that IP is logged by the Verizon SMTP 
> > server, then we have the IP of the infected machine.  It sounds too good to 
> > be true.

Klez doesn't have control over what's in the [], (or the name that appears
*inside* the parens if there is one - which there isn't here.)  
It's the one thing you can generally rely on when dealing with Klez.

Ellen Clary
Senior System Administrator
Dynamic Graphics
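
The distinction drawn above, as an added example that is not part of the original post: a parser that separates the sender-chosen HELO name from the values the receiving server records itself (the bracketed peer IP and, when present, the name inside the parentheses). It goes one step beyond the thread by only accepting Received lines written by relays you trust. It assumes the `from NAME (name [ip]) by SERVER` layout shown in the quoted header; `boundary_hop`, `parse_received`, the sample message and the `example.org` hosts are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample. The top Received line is the one quoted in the thread
# (date and "with ESMTP" added); the lower one is a made-up, sender-supplied line.
SAMPLE = """\
Received: from Pgcdjo ([205.152.62.117]) by out003.verizon.net
 with ESMTP; Thu, 22 Aug 2002 19:40:00 -0500
Received: from mail.example.org (mail.example.org [192.0.2.10]) by
 relay.example.org; Thu, 22 Aug 2002 19:39:00 -0500
From: someone@example.com
Subject: constructed test message

body
"""

# from <HELO name> (<optional reverse-DNS name> [<peer IP>]) by <server>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s*)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>[^\s;]+)"
)

def parse_received(value):
    """Split one Received value into claimed (helo) and recorded (rdns, ip) parts."""
    match = RECEIVED_RE.search(" ".join(value.split()))  # unfold first
    return match.groupdict() if match else None

def boundary_hop(raw_message, trusted_relays):
    """Return the hop recorded by the outermost relay we trust, or None.

    Received lines are prepended, so the list is newest-first. Walk down while
    each line was written by a trusted relay; the first line that was not
    (and everything below it) came from the sending side and is not evidence.
    """
    boundary = None
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = parse_received(value)
        if hop is None or hop["by"].lower() not in trusted_relays:
            break
        boundary = hop
    return boundary

if __name__ == "__main__":
    hop = boundary_hop(SAMPLE, {"out003.verizon.net"})
    print("HELO (sender-chosen):", hop["helo"])
    print("peer IP (server-recorded):", hop["ip"])
```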



