On Fri, 07 Jun 2002 06:36:23 -0500, Samuel W. Heywood wrote: > Hello Fellow Arachnians:
> I am receiving KLEZ.H viruses rather frequently. All of them bear > a forged "From:" address, usually being the email address of a fellow > Arachne List subscriber. I know we are not the ones who are sending > these things out. The true origins of the virii are from email > addresses and SMTP servers which none of us are known to use. > I may presume of course that the culprits must have our email > addresses in their address books. Does anyone have any ideas as to > why these culprits would be collecting our email addresses? > Whatever the reasons, I'm sure their purposes are not legitimate. > I wish all the email accounts that are known to send KLEZ.H virri > would get shut down. KLEZ.H is especially evil because it results > in innocent people getting accused of proliferating virii. The "culprits" as you call them are not the ones doing the "collecting" of our eMail addresses. It's KLEZ itself which does the collecting. It "scans" any and every file on an infected drive looking for eMaill addresses. (and not just in the address book) The only program(s) effected by KLEZ .... you guessed it, `M$ lookout' and `lookout express'. Oh yeah, The latest varients of KLEZ are not only faking the "from" line of the message. But are able to fake the "return path" line as-well. The last several copies sent to me have had "faked" from and return path line which matched each other. The first few I got did not match. -- Glenn http://arachne.cz/ http://www.delorie.com/listserv/mime/ http://www.angelfire.com/id/glenndoom/download.htm http://www.thispagecannotbedisplayed.com/
