We're stopping tons with the same sender address too.   After the first couple dozen I decided the user must actually have the virus.  We knew them, contacted them by phone and explained the problem.  They were/are totally clueless and have no idea how to go about getting virus software and scanning for Klez. <sigh>  I contacted their ISP and they said they will be shutting down their e-mail account until they get the problem solved.
 
- Rodney
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Heimir Eidskrem
Sent: Tuesday, August 20, 2002 1:44 PM
To: [EMAIL PROTECTED]
Subject: [Declude.Virus] Klez and IP

We are stopping tons of klez infected mail using the same sender address.
 
My question is regarding the reported remote ip address - the ip address reported using the %remoteip% is that the actually ip address of the computer sending the virus or is that also forged by the virus?
 
So far I have logged 25 different ip addresses using the same sender address.
 
Thanks,
H.
 

Reply via email to