Hi Prof; I guess that's pretty much what I said in my reply but not nearly as cogent ;-)
TFlan ----- Original Message ----- From: "Dave Tutelman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, January 14, 2003 9:14 AM Subject: Re: ShopTalk: Possible virus from Tflan > At 10:54 AM 1/14/03 -0500, Grampa wrote: > >Just curious--is my grampa email address listed in your OE address > >book? Klez uses the address book to secretly send out the virus to > >everyone in your book. > > Quite a few viruses work that way, but some strains of Klez are even > sneakier. They go through the infected computer's mail addresses and, > assuming that there are communities of interest there, send messages to A > claiming to be from B (where the infected computer is C). > > I found out about this after several incidents where someone told me they > had received a virus from me. The strange thing was that the incidents were > separated by weeks or months, and each was only a single virus sighting. I > have a pretty big address book; if I were Klez-infected, there would have > been many more complaints. Also, in one or more of the cases, my Klez > scanner found no Klez files on my machine, not even in quarantine. So I > looked it up. > > If you're a techie and want to tell if it was really from TFlan or from a > third party that knows you both... You can look at the headers of the > message (if you dare) and see if the initiating SMTP server looks like > TFlan's ISP. If you don't see his ISP in the server list, it came from > somebody else. If you DO see his ISP on the list, it probably came either > from him or someone who subscribes to the same ISP. > > Possibly more than you really wanted to know. > > Good luck! > DaveT >
