[Dshield] Klez

Stuart Whelan buffy at paradise.net.nz
Tue Jun 25 20:21:43 GMT 2002


If I understand correctly it does not rewrite the reply-to header, if it
exists.

In every Klez I have received (which is only abot 5 in total) I have
been able to sucessfully clean up the source machine or notify the user
by looking at the reply-to header line.

Cheers,
Stuart.
-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Of Paul Marsh
Sent: Wednesday, June 26, 2002 7:00 AM
To: 'Dshield (E-mail)
Subject: [Dshield] Klez


I just want to take a quick poll, is everyone/anyone else still seeing
Klez attachments?  Some days I see a few maybe 5 or so but today I've
received about 30 of them.  It's just getting annoying, is there anyway
to truly locate the infected machine?   I just love it when an
attachment comes in saying it's from one of my users to another one of
my users and the attachment is infected.
Thanx, Paul  





More information about the list mailing list