On Sat, 27 Apr 2002 10:08:11 -0500, Samuel W. Heywood wrote:
> On Sat, 27 Apr 2002 06:27:06 -0400 (EDT), Thomas Mueller wrote:
>> I received a 128 KB message with a suspicious attachment, apparently from an
>> Adaptec support address (very strange) but with a different Return-Path. I
>> didn't have KLEZ on my mind, but it looked like a likely virus. Bluegrass
Net
>> mail server converts .exe ending to ~exe in the attachment subheaders to
>> prevent a careless recipient from automatically running a strange attachment.
>> Here is what I received, including headers, truncating most of the
attachment:
> What you received is the KLEZ.H virus. I have received more than a
> dozen. The virus forges the "From:" header. Some of the KLEZ.H virii
> that I have received had the email addresses of some Arachne List
> members forged into the "From:" header. KLEZ.H is a new variant. It
> was first discovered in the wild on April 17th. Your virus scanning
> software won't detect it unless you have the very latest virus
> definition files.
FWIW.....
I got 2 of them from my own sister.
The virus def files for F-Prot dated 17 April still do not identify
these attachments as viri.
BRB
______
Ah HA!
New ones up. (sign.def 24 Apr and macro.def 19 Apr)
BRB
____
No good.
They still show as being "clean".
_________
-- 1st one -----------
Return-path: <[EMAIL PROTECTED]>
Received: from saturn.charterpa.net (saturn.charterpa.net [24.197.48.16])
by mail.cisnet.com
(Vircom SMTPRS 4.5.186) with ESMTP id <[EMAIL PROTECTED]>
for <[EMAIL PROTECTED]>;
Thu, 4 Apr 2002 18:43:54 -0500
Received: from mail.charterpa.net (pa-gbg-ts-05-024-197-054-111.charterpa.net
[24.197.54.111])
by saturn.charterpa.net (8.9.3/8.9.3) with SMTP id SAA01635;
Thu, 4 Apr 2002 18:43:30 -0500
Date: Thu, 4 Apr 2002 18:43:30 -0500
Message-Id: <[EMAIL PROTECTED]>
FROM: Scott Farber <[EMAIL PROTECTED]>
SUBJECT: You may experience various
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Outlook Express 4.72.3612.1700
MIME-Version: 1.0
______________________
------- 2nd one ------
Return-path: <[EMAIL PROTECTED]>
Received: from saturn.charterpa.net (saturn.charterpa.net [24.197.48.16])
by mail.cisnet.com
(Vircom SMTPRS 4.5.186) with ESMTP id <[EMAIL PROTECTED]>
for <[EMAIL PROTECTED]>;
Mon, 22 Apr 2002 22:48:05 -0400
Received: from computer (pa-gbg-ts-06-024-197-055-181.charterpa.net
[24.197.55.181])
by saturn.charterpa.net (8.9.3/8.9.3) with SMTP id WAA03551;
Mon, 22 Apr 2002 22:44:37 -0400
Message-ID: <00da01c1ea70$d2d389c0$b537c518@computer>
From: "Scott Farber" <[EMAIL PROTECTED]>
______________________
Both of them actually DID come from my sister and her husband.
Their machine is running the latest-greatest WinCrap with the
latest-greatest(???) M$ lookout express.
--
Glenn
http://arachne.cz/
http://www.delorie.com/listserv/mime/
http://www.angelfire.com/id/glenndoom/download.htm
http://www.thispagecannotbedisplayed.com/
