LISTSERV - PCBUILD Archives - LISTSERV.ICORS.ORG

PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

	LISTSERV Archives
	PCBUILD Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Klez virus / e-mails I didn't send
From:	David Gillett <[log in to unmask]>
Reply To:	PCBUILD - Personal Computer Hardware discussion List <[log in to unmask]>
Date:	Sun, 2 Jun 2002 19:39:08 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (60 lines)

On 2 Jun 2002, at 14:40, Ryan E. Schutte wrote:

> Lately, I have been getting the klez virus in my e-mail a lot.
> Most generally, they come in pairs and come from people I have no
> clue who they are.  I've been getting probably 2 a day on average
> for the last week.  Norton always catches it and I delete the file
> before I even have a chance to look at the e-mail, so I don't
> believe I'm infected.  I have also done a full system scan with new
> virus definitions resulting in nothing.
>
> In the last week, I have also gotten 5 e-mails saying that an
> e-mail I sent couldn't be delivered and has reference to the klez
> virus in it.  All of these of course, give the e-mail address they
> were supposedly originally sent to and from.  They were supposedly
> from me ([log in to unmask]), but none of the 5 supposed to be
> recipients are e-mails that I even recognize.  I have about 150
> addresses in my address book, but none of the ones that I
> supposedly sent are in my address book and nobody has said that
> they've gotten a virus from me that I do write to.  I don't
> believe I am infected and that the virus is going through my
> address book because of this.
>
> My question....
>
> Has this been happening to anyone else?  The reason I'm writing
> now, is my sister got 3 of this same thing.... returned
> undeliverable e-mails from her, to people we have no clue who they
> are - totally different computer.  The three supposedly from her
> were spam e-mails - the 5 supposedly from me didn't have anything
> 'readable' in them.
>
> What could cause this?  Are people sending spam starting to send
> things under other people's e-mail addresses now?
>
> --
> Ryan E. Schutte

  The behaviour of the Klez worm is well documented.  If A's machine
gets infected, it starts sending infected emails to B, claiming they
come from C, where B and C are both addresses found in user A's
address book -- B and C both are known to A, but they may not know
each other.
  So if some friend of yours gets the virus, you may see two things
(both of which you describe...):  Infected messages from your
friend's machine, claiming to come from other firends of his whom you
do not know, and message delivery failure reports where his machine
has sent out infected messages that claimed to be coming from you.

  I've recently helped a friend clean Klez off his machine, and
another of his behaviours that we noticed was that it agressively
kills antivirus utilities.  I can confidently sate that if Norton
Antivirus on your machine is detecting Klez in incoming messages,
your machine is definitely NOT infected.

David Gillett

        The NOSPIN Group provides a monthly newsletter with great
       tips, information and ideas: NOSPIN-L, The NOSPIN Magazine
           Visit our web site to signup: http://freepctech.com

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG