Date: Wed, 24 Jul 2002 19:28:16 +0000
From: "Matthew Hanson" <[EMAIL PROTECTED]>
Subject: Worm Klez.E immunity

I just got the email below about a "Worm Klez.E immunity" program that says Pres sent it to me from his [EMAIL PROTECTED] address. But by looking at the header, I can see it originated from: [EMAIL PROTECTED]. The attachment looks more like the Klez virus itself in a .scr file.

I sent a message to [EMAIL PROTECTED], and received an automated reply saying that they would look into the problem. The note I sent Pres bounced back from his ISP saying that his mail quota there had been exceeded. Guess we know what that means. If someone knows another email address for him, maybe you could forward this to him, though my guess is he's already aware of the problem.

Google reports the following for netvision.net.il:

--------------------
Netvision
This page uses frames, but your browser doesn't support them.
Description: ??? ???? ?? ??? ??????? ???? ??????? ??????
Category: World > Hebrew > ??????
--------------------
(Hebrew characters didn't paste in)

I wonder if this is part of a coordinated effort to mess up the internet.

Matt

Source for the email I received:
------------------------------------------------------
>From [EMAIL PROTECTED] Wed, 24 Jul 2002 04:09:30 -0700
Received: from [194.90.9.24] by hotmail.com (3.2) with ESMTP id MHotMailBF07D56D00684004324FC25A0918CAA53; Wed, 24 Jul 2002 04:07:37 -0700
Received: from Arop ([62.0.150.217]) by mxout3.netvision.net.il (iPlanet Messaging Server 5.2 HotFix 0.8 (built Jul 12 2002)) with SMTP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Wed, 24 Jul 2002 13:44:42 +0300 (IDT)
Date: Wed, 24 Jul 2002 13:44:09 +0300 (IDT)
Date-warning: Date header was inserted by mxout3.netvision.net.il
From: pres <[EMAIL PROTECTED]>
Subject: Worm Klez.E immunity
To: [EMAIL PROTECTED]
Message-id: <[EMAIL PROTECTED]>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_LMQ0shXRFgwKTmnrZ++MuQ)"

--Boundary_(ID_LMQ0shXRFgwKTmnrZ++MuQ)
Content-type: text/html
Content-transfer-encoding: 7BIT

<HTML><HEAD></HEAD><BODY>
<FONT>Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.<br>
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.<br>
We developed this free immunity tool to defeat the malicious virus.<br>
You only need to run this tool once,and then Klez will never come into your PC.<br>
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.<br>
If so,Ignore the warning,and select 'continue'.<br>
If you have any question,please <a href=mailto:[EMAIL PROTECTED]>mail to me</a>.</FONT></BODY></HTML>

--Boundary_(ID_LMQ0shXRFgwKTmnrZ++MuQ)
Content-id: <BxKH48MpT>
Content-type: application/octet-stream; name=Jfcaq.scr
Content-transfer-encoding: base64
Content-disposition: attachment; filename=Jfcaq.scr

.......<snip>......
--Boundary_(ID_LMQ0shXRFgwKTmnrZ++MuQ)--

http://libretto.basiclink.com - Libretto mailing list
http://www.silverace.com/libretto/ - Archives
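
A triage check for a message like the one quoted above, as an added example that is not part of the original post: it reads the first-hop address from the Received chain, the domain the From header claims, and flags the lure text and the attachment (by extension and by PE magic). The sample message, its example.* domains and documentation-range IPs, the `triage` function and the `EXECUTABLE_EXT` list are constructed for illustration.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr

# Extensions Windows runs directly; a .scr "screensaver" is an ordinary PE executable.
EXECUTABLE_EXT = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd")

# Constructed sample shaped like the quoted message: documentation-range IPs,
# example.* domains, and a harmless 32-byte stub that only carries the "MZ" magic.
SAMPLE = f"""\
Received: from [192.0.2.24] by mx.example.net with ESMTP; Wed, 24 Jul 2002 04:07:37 -0700
Received: from Arop ([198.51.100.217]) by mxout.example.org with SMTP; Wed, 24 Jul 2002 13:44:42 +0300
From: pres <pres@example.com>
Subject: Worm Klez.E immunity
Content-type: multipart/alternative; boundary="B1"

--B1
Content-type: text/html

<HTML><BODY>If so,Ignore the warning,and select 'continue'.</BODY></HTML>
--B1
Content-type: application/octet-stream; name=Jfcaq.scr
Content-transfer-encoding: base64
Content-disposition: attachment; filename=Jfcaq.scr

{base64.b64encode(b'MZ' + bytes(30)).decode()}
--B1--
"""

def triage(raw):
    msg = message_from_string(raw)
    # Each relay prepends its Received header, so the last one records the first hop.
    hops = msg.get_all("Received", [])
    hit = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    findings = []
    for part in msg.walk():
        body = part.get_payload(decode=True) or b""  # None for multipart containers
        name = part.get_filename()
        if name is None:
            if re.search(rb"ignore the warning", body, re.I):
                findings.append("body tells reader to ignore AV warning")
            continue
        if name.lower().endswith(EXECUTABLE_EXT):
            findings.append(f"executable extension: {name}")
        if body[:2] == b"MZ":
            findings.append(f"PE header in attachment: {name}")
    return {"origin_ip": hit.group(1) if hit else None, "findings": findings,
            "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2]}
```

The From header is set by the sender, so `from_domain` is only a claim; `origin_ip` comes from the header written by the first receiving relay and is the value to compare it against.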
