At 10:54 AM 1/14/03 -0500, Grampa wrote:
Quite a few viruses work that way, but some strains of Klez are even sneakier. They go through the infected computer's mail addresses and, assuming that there are communities of interest there, send messages to A claiming to be from B (where the infected computer is C).Just curious--is my grampa email address listed in your OE address book? Klez uses the address book to secretly send out the virus to everyone in your book.
I found out about this after several incidents where someone told me they had received a virus from me. The strange thing was that the incidents were separated by weeks or months, and each was only a single virus sighting. I have a pretty big address book; if I were Klez-infected, there would have been many more complaints. Also, in one or more of the cases, my Klez scanner found no Klez files on my machine, not even in quarantine. So I looked it up.
If you're a techie and want to tell if it was really from TFlan or from a third party that knows you both... You can look at the headers of the message (if you dare) and see if the initiating SMTP server looks like TFlan's ISP. If you don't see his ISP in the server list, it came from somebody else. If you DO see his ISP on the list, it probably came either from him or someone who subscribes to the same ISP.
Possibly more than you really wanted to know.
Good luck!
DaveT
