[Dshield] Klez header question
pmarsh at nmefdn.org
Thu Aug 29 17:02:34 GMT 2002
Attached is a header from klez. I know it's hard to impossible to really
know what system is infected and sending these but this is the third time in
so many weeks that I've received these. I get about 15-20 of them in a 5
minute time frame and then I'll get nothing for a week. Scanmail is doing a
very nice job on my perimeter so we're staying clean but I'd like to track
down the human/box that's infected. Please note the "X-Apparently-From:
Brianfitzgerald at aol.com" in the header, is it possible that this is the
human? AOL seams to be the only headers that have this line.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the list