The Klez virus gets into the Outlook E-mail on an infected machine and randomly selects a "From:" and "Subject:" from the person's e-mail inbox. This approach is intended to give the sent messages a different look every time it tries to spread itself. The "From" address is therefore "spoofed" and is almost never the e-mail address of the person whose computer is actually infected. If you know how to look at expanded e-mail headers, you can sometimes figure out where it really originated. -- Andy Oppel, N6AJO Pacific Division Vice Director (and full-time Oracle Database Administrator) At 11:49 PM 3/5/2003 -0800, you wrote:
Dick, it is most unlikely it came from any of my computers or that they are infected. It is not uncommon for these addresses to be created/forged. The only address I use is lucky@surfpage.com (other than wa6wzo@arrl.org); I have never had ISP service via Verizon (verizon.net).
BTW, I use Trend Micro hardware/software (GateLock) for automatic updated antivirus protection--incoming and outgoing. When I travel, I use Norton AntiVirus Auto-Protect software.
Tnx for your concern...73/Fried(*___*)rest=rust
----- Original Message ----- From: <dick@pobox.com> To: "arrl-odv" <arrl-odv@reflector.arrl.org> Sent: Thursday, March 06, 2003 7:20 AM Subject: [ARRL-ODV:8500] WA6WZO Computer Has The Klez Virus
6 MAR, 2003 - 2110 CST
Hello Fried...
Apprently, your computer is infected with the Klez 32 Worm virus. It sent me the message below with an attached file named "PLAY.EXE". My antivirus software, McAffee, caught and destroyed it.
This is not a new virus. It's been around for about two years and it can take many forms. PLAY.EXE is just one of the gambits it uses to get the victim to open the executable file that probably came from someone you know.
Chances are, your computer has sent various bogus messages to everyone in your email address book. I urge you to tell your correspondents to NOT OPEN any attached file coming from you until your are sure you have purged this virus.
73 - Dick, W9GIG ================================================================== Delivered-To: dick@pobox.com Received: from mail.ARRL.ORG (mail.arrl.org [209.140.206.216]) by cali-2.pobox.com (Postfix) with ESMTP id BD3923E6B3 for <Dick@pobox.com>; Wed, 5 Mar 2003 21:48:46 -0500 (EST) Received: from out017.verizon.net ([206.46.170.94]) by mail.ARRL.ORG with Microsoft SMTPSVC(5.0.2195.5329); Wed, 5 Mar 2003 21:48:44 -0500 Received: from Cmxtsi ([66.126.39.70]) by out017.verizon.net (InterMail vM.5.01.05.27 201-253-122-126-127-20021220) with SMTP id <20030306024830.UNJX6721.out017.verizon.net@Cmxtsi> for <w9gig@arrl.org>; Wed, 5 Mar 2003 20:48:30 -0600 From: wa6wzo <wa6wzo@arrl.org> To: w9gig@arrl.org Subject: A humour game MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=O3TE46U6841cOoR633 Message-Id: <20030306024830.UNJX6721.out017.verizon.net@Cmxtsi> Date: Wed, 5 Mar 2003 20:48:41 -0600 X-OriginalArrivalTime: 06 Mar 2003 02:48:44.0554 (UTC) FILETIME=[E74F96A0:01C2E38A]
Content-Type: text/html;
Hello,This is a humour game This game is my first work. You're the first player. I expect you would enjoy it.
Attached file: PLAY.EXE was deleted.
Andy Oppel andy@andyoppel.com