[plug] You've got virus! (was: A very excite game)
Justin
justin at inwa.com.au
Tue May 14 09:21:14 WST 2002
Actually Gents - that email virus is Klez.E and it is a clever little virus...
http://www.europe.fsecure.com/vdescs/klez.shtml
A quick summary (we have been getting this virus lots) is that it
compromises a Windoze machine, then takes two addresses out of the machine's
address book - and sends an email from one address to the other! We have
been receiving emails that look like they come from someone in our school,
that are directed to others in our school... once we worked out what was
happening we blocked suspicious email...
With our Groupwise system, if you get the email before it is processed by
the mail gateway there is an extra heading that states where the email
actually comes from - see following example (email addresses changed to
protect etc).. this might be the same on other systems (have not checked yet)..

MAIL FROM:< infected person at isp.com >
RCPT TO:<address1 at book.com>
XGWIA: Thu, 09 May 2002 22:08:55 +0800;
    mail.iinet.net.au(symphony04.iinet.net.au [203.59.3.36])
Received: from mail.iinet.net.au
    (symphony04.iinet.net.au [203.59.3.36])
    by 203.59.134.50; Thu, 09 May 2002 22:08:55 +0800
Received: (qmail 27561 invoked by uid 666); 9 May 2002 14:05:14 0000
Received: from unknown (HELO Vicnzarz) (203.59.207.47)
    by iinet.net.au with SMTP; 9 May 2002 14:05:14 0000
From: mikec <address2 at book.com>
To: address1 at book.com
Subject: Worm Klez.E immunity

Justin
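
The comparison the post describes, SMTP envelope sender against the From: header, as an added example that is not part of the original message. The sample text, its addresses and hosts, the function names and the "claims a local domain" rule are all assumptions made for illustration; a mismatch alone is only a heuristic, since mailing lists and forwarders also produce one.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample in the layout shown in the post: SMTP envelope lines,
# then the message headers. All addresses and hosts are made up.
SAMPLE = """\
MAIL FROM:<infected.user@isp.example>
RCPT TO:<address1@book.example>
XGWIA: Thu, 09 May 2002 22:08:55 +0800; relay.example.net
Received: from unknown (HELO Vicnzarz) (192.0.2.47)
 by relay.example.net with SMTP; 9 May 2002 14:05:14 -0000
From: mikec <address2@book.example>
To: address1@book.example
Subject: Worm Klez.E immunity

body
"""

ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<\s*([^>]*?)\s*>", re.I)

def split_envelope(raw):
    """Split leading envelope lines from the header/body text."""
    env = {"MAIL FROM": None, "RCPT TO": []}
    lines = raw.splitlines(keepends=True)
    i = 0
    while i < len(lines) and (m := ENVELOPE.match(lines[i])):
        if m.group(1).upper() == "MAIL FROM":
            env["MAIL FROM"] = m.group(2).lower()
        else:
            env["RCPT TO"].append(m.group(2).lower())
        i += 1
    return env, "".join(lines[i:])

def check_message(raw, local_domains):
    """Compare envelope sender with From: header (heuristic, assumed policy)."""
    env, rest = split_envelope(raw)
    header_from = parseaddr(message_from_string(rest).get("From", ""))[1].lower()
    env_from = env["MAIL FROM"] or ""
    hdr_dom = header_from.rpartition("@")[2]
    env_dom = env_from.rpartition("@")[2]
    # Suspicious: claims to be from our domain, but the SMTP sender is not.
    return {"envelope_from": env_from, "header_from": header_from,
            "rcpt_to": env["RCPT TO"],
            "suspicious": hdr_dom in local_domains and env_dom != hdr_dom}

if __name__ == "__main__":
    print(check_message(SAMPLE, {"book.example"}))
```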