Date: Wed, 31 Jul 2002 07:48:58 +0000 From: "neil barnes" <[EMAIL PROTECTED]> Subject: RE: [LIB] Klez/etc
>Date: Wed, 31 Jul 2002 08:41:12 +0800 >From: Raymond <[EMAIL PROTECTED]> >Subject: RE: [LIB] Klez/etc > >At 10:15 AM 30/07/2002 -0700, you wrote: >>Date: Tue, 30 Jul 2002 10:08:28 -0700 (PDT) >>From: Charles Hawtrey <[EMAIL PROTECTED]> >>Subject: RE: [LIB] Klez/etc >> >> >> > From: "Lines, Nick" <[EMAIL PROTECTED]> >> > >> > The point has been made many, many times, but the way viri like these >> > sods >> > now work is to not only send mail TO everyone in a contact list in >> > Outlook, >> > but also set the FROM address to be someone in the outlook address >>book. >> >>Unless I'm missing something, isn't the obvious solution "don't use >>Outlook"? Regardless of Outlook's intrinsic merits or demerits, it's by >>far the most popular target for viruses of any email program. So why not >>use something else? > >The problem isn't that WE are using Outlook. The problem is that whoever is >INFECTED is using Outlook and unfortunately has Nick's (or whoever's been >spoofed's) email address in THEIR address book. That's the problem with >this virus, it pretends to be from other people (in this case it pretends >to be from Nick) so the actual infection is a lot harder to trace, >especially if the email servers along the way don't mark the email. I could >be using the Pine mail client and Nick could be using the Elm mail client >(both about as virus proof as you could get as far as this sort of stuff is >concerned) but if a salesman who's got both our emails is using Outlook and >is infected, Nick could get a flood of Klez virus emails that look like >they're from me and vice versa, and if the email servers along the way >don't mark the emails, he'd have no way of knowing they were NOT from me >(unless of course he knew that the Klez virus actually does this). Agreed - those of us who <Mode: Holier than thou> *don't* use Internet Exploder and Lookout are pretty confident that we didn't originate this. </Mode> :) Though I'm being careful not to point any fingers without evidence (there's certainly no evidence that it's come from Nick), and it's damn hard to find anything that these viruseseses leave behind them, apart from damage... Klez and/or nimda are smart enough to examine the hard drive - in particular the explorer cache - to find useful addresses, apparently. Neil _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx ************************************************************** http://libretto.basiclink.com - Libretto mailing list http://www.silverace.com/libretto/ - Archives -------TO UNSUBSCRIBE------- Reply to any of the list messages. The reply mail should be addressed to: [EMAIL PROTECTED] - Then replace any text on the message's subject line: cmd:unsubscribe --------TO UNSUBSCRIBE DIGEST------ Do above but with this on subject line: cmd:unsubscribe digest **************************************************************
