RE: Klez
- Posted by rforno at tutopia.com
Oct 17, 2002
Irv:
I received this mail twice, with a time difference of many hours. Did it
contain some vir$%"ยท&&%&--/// AAAARGGHH!
----- Original Message -----
From: <irv at take.maxleft.com>
Subject: Klez
>
> Someone, it appears, is harvesting the bogus e-mail addresses
> from Topica to use in sending out Klez viruses.
>
> I just received one claiming to be from: jbrow~ at speedymail.org
> The return address was also jbrow~@ (another address).
> Note: I do not claim that the real j.brown sent these.
> Klez addresses are always forged.
>
> Neither of those are real addresses (see the tilde?);
> they are in the "hidden" form which Topica uses when displaying the
> posts on this list.
>
> Attached was the virus plus the RDS registration form.(register.doc).
> (It's always interesting to look at the attachment, since it is picked
> at random from the user's disk. Sometimes it contains personal info,
> more often info about web sites they have visited.)
>
> Anyone receiving Euforum posts via e-mail gets the *real* e-mail address
> of the sender, so that would be what gets into their Outlook Express
> address book to be used by the Klez worm. So how did the "hidden"
> addresses get into Outlook?
>
> Regards,
> Irv
>
>
>
>
|
Not Categorized, Please Help
|
|
