RE: CRIME How to stop this from happening.....

From: Robert D. Young (Robert@private)
Date: Sat Sep 14 2002 - 10:42:27 PDT


    Do you have the original message? Ignore the From: address, as Klez can spoof that address (i.e., someone else's system sends the message with your name as the From: address). You need to walk back through the routing info in the e-mail header to find the real sender...
     
    - Robert
    
    -----Original Message-----
    From: John E Jewkes-AAA0OR-AAA0ID [mailto:aar0mi@private]
    Sent: Saturday, September 14, 2002 10:31 AM
    To: crime@private
    Subject: CRIME How to stop this from happening.....
    
    
    Hi All,
            Hoping someone here has the right information to help me. 
    In addition to being the Webbie for the Army MARS Oregon
    Website, I have my own personal Website (not sales or such,
    just "Here I am World") hosted on Virtual Avenue. I keep seeing
    messages in my 'alias' email such as:
    
    Recipient of the infected attachment:  Andrea Moe\Inbox
    Subject of the message:  Worm Klez.E immunity
    One or more attachments were deleted
      Attachment Page.exe was Deleted for the following reasons:
        Virus W32.Klez.H@mm was found.  
     
    It comes into john@private and auto-forwards to the alias
    john.jewkes@private. EACH of these emails claims that john@private
    sent it. I do NOT have any email facilities on the server, nor do I ever
    send email with that e-address in it. (YES, I do know how to 'do' that in both
    Netscape and IE Mail and Outlook/Express, BUT, I do not.....) The techs at
    VirtualAve.net swear that their servers do NOT support Open Frame Relays. 
    Scans of my own computer also do not reveal the worm (Even went and got the
    'worm scanner' specifically written for KLEZ from Norton's Homepage).
     
            So, How do I stop it?
    John Jewkes, SMD US ARMY MARS
    Oregon/Idaho State Director
    AAA0OR OR/AAA0ID ID/AAR0MI OR
    W6HNC
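
The header walk suggested in the reply above, as an added example that is not part of the original thread: it reads the `Received:` chain newest-first and stops at the last hop recorded by a mail server you trust, since anything below that point (like the `From:` line) can be forged. The sample message, host names, addresses and the trusted-host set are all constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample (not from the thread): From: is forged, while the
# Received: chain records where the mail really entered the relay path.
SAMPLE = """\
Received: from mx.hosting.example (mx.hosting.example [192.0.2.10])
\tby mail.isp.example with ESMTP id A1; Sat, 14 Sep 2002 10:20:03 -0700
Received: from infected-pc (dialup-7.other.example [198.51.100.77])
\tby mx.hosting.example with SMTP id B2; Sat, 14 Sep 2002 10:19:58 -0700
From: john@site.example
To: someone@isp.example
Subject: Worm Klez.E immunity

body
"""

# "from <HELO name> (<rDNS> [<IP>]) ... by <receiving host>".
# Received formats vary by MTA; this covers the common sendmail/postfix shape.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def parse_hops(raw):
    """Return the parsed Received hops in header order (newest first)."""
    msg = email.message_from_string(raw, policy=policy.compat32)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:  # headers in an unrecognised format are skipped
            hops.append(m.groupdict())
    return hops

def entry_hop(raw, trusted_hosts):
    """Walk back from the newest hop and return the oldest one written by a
    trusted server; its helo/rdns/ip describe the host that handed the mail
    to infrastructure you can believe. Returns None if no hop is trusted."""
    origin = None
    for hop in parse_hops(raw):
        if hop["by"] not in trusted_hosts:
            break  # written by an unknown host: may be fabricated
        origin = hop
    return origin

if __name__ == "__main__":
    print(entry_hop(SAMPLE, {"mail.isp.example", "mx.hosting.example"}))
```

The IP address in the returned hop, not the `From:` address, is what identifies the sending machine to report to its ISP or administrator.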
    



    This archive was generated by hypermail 2b30 : Sat Sep 14 2002 - 11:36:59 PDT