[Dshield] Klez header question

Paul Marsh pmarsh at nmefdn.org
Thu Aug 29 17:02:34 GMT 2002


Attached is a header from klez.  I know it's hard to impossible to really
know what system is infected and sending these but this is the third time in
so many weeks that I've received these.  I get about 15-20 of them in a 5
minute time frame and then I'll get nothing for a week.  Scanmail is doing a
very nice job on my perimeter so we're staying clean but I'd like to track
down the human/box that's infected.  Please note the "X-Apparently-From:
Brianfitzgerald at aol.com" in the header, is it possible that this is the
human?  AOL seams to be the only headers that have this line.  

Thanx, Paul

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Klez.txt
Url: http://www.dshield.org/pipermail/list/attachments/20020829/07d7a362/Klez.txt


More information about the list mailing list