LISTSERV - LSTOWN-L Archives - COMMUNITY.EMAILOGY.COM

LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L

	LISTSERV Archives
	LSTOWN-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Problem with an errant virus warning

Jane Lyle <[log in to unmask]>

Sat, 7 Dec 2002 11:54:57 -0500

TEXT/PLAIN (41 lines)

On Sat, 7 Dec 2002, Paul Karagianis wrote:

> >There's no one with any address subscribed to the list. The log files for
> >this list do not have any postings from the address that's referenced in
> >the warning message.
>
> Uh, for those of us who feel we're missing something, why is this obviously
> NOT our friend Klez?

It definitely sounds like Klez or a similar virus to me--one that spoofs
addresses in the "from" line (perhaps this time by cobbling two different
addresses together) in order to hide the identity of the actual sending
ISP.

We've gotten a few form messages from ISPs over the last year telling us
that they've received infected messages from our list address itself,
which means that the person who is actually infected has our list address
either in his or her Outlook address book or somewhere on his or her hard
drive. It may not even be someone who is subscribed to the list, or has
ever been subscribed; all the virus needs to do its work is to find an
e-mail address somewhere in that computer to put in the "from" line.

Unfortunately, this is something you can't do anything about, unless you
can get the recipient to reveal the full headers and tell you where the
message actually was sent from. If that ISP is small and you have a
subscriber or two who use it, you might be able to help someone get the
virus cleaned off their system. Chances are, though, it will be a large
ISP, or one that you don't have a current subscriber from. And chances
also are that the spoofed address has never been subscribed to your list.

I'm in a lot of people's address books, and I get several infected
messages each week. I've learned to recognize them at first sight and
delete them, and I've long since quit trying to track the senders. I've
also been the victim once, with infected messages going out with my name
faked in the "from" line. Fortunately "I" sent one to myself, and through
the headers I was able to trace it to its source, who was as embarrassed
to find out that she was infected as I was to be accused by others of
sending a virus!

Jane

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM