RE: CRIME How to stop this from happening.....

From: Andrew Plato (aplato@private)
Date: Sat Sep 14 2002 - 23:30:18 PDT


    You need to track down the original sender of the email. Klez spoofs addresses. The virus isn't coming to your machine. It's coming from somebody else who has your email address. If you can track that person down, you can warn them and they can clean their machine.
     
    There are patches to Outlook/Outlook Express to protect them from Klez-type viruses. You should tell your friend to download those patches (www.windowsupdate.com) and get a virus scanner.
     
    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
    
    	-----Original Message----- 
    	From: John E Jewkes-AAA0OR-AAA0ID [mailto:aar0miat_private] 
    	Sent: Sat 9/14/2002 10:31 AM 
    	To: crimeat_private 
    	Cc: 
    	Subject: CRIME How to stop this from happening.....
    	
    	
    	Hi All,
    	        Hoping someone here has the right information to help me. 
    	In addition to being the Webbie for the Army MARS Oregon
    	Website, I have my own personal Website (not sales or such,
    	just "Here I am World") hosted on Virtual Avenue. I keep seeing
    	messages in my 'alias' email such as:
    
    	Recipient of the infected attachment:  Andrea Moe\Inbox
    	Subject of the message:  Worm Klez.E immunity
    	One or more attachments were deleted
    	  Attachment Page.exe was Deleted for the following reasons:
    	    Virus W32.Klez.H@mm was found.  
    	 
    	It comes into johnat_private and auto-forwards to the alias
    	john.jewkesat_private. EACH of these emails claims that johnat_private
    	sent it. I do NOT have any email facilities on the server, nor do I ever
    	send email with that e-address in it. (YES, I do know how to 'do' that in both
    	Netscape and IE Mail and Outlook/Express, BUT, I do not.....) The techs at
    	VirtualAve.net swear that their servers do NOT support Open Frame Relays. 
    	Scans of my own computer also do not reveal the worm (Even went and got the
    	'worm scanner' specifically written for KLEZ from Norton's Homepage).
    	 
    	        So, How do I stop it?
    	John Jewkes, SMD US ARMY MARS
    	Oregon/Idaho State Director
    	AAA0OR OR/AAA0ID ID/AAR0MI OR
    	W6HNC
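
Added example, not part of the original thread: one way to do the tracing suggested in the reply when the full headers of a spoofed message are available. It ignores the forged From: line and walks the Received: chain, stopping at the first hop not recorded by a relay you trust. The sample message, hostnames, addresses and the `trace_origin` helper are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: headers of a mail whose From: line is forged.
# All hostnames and addresses are placeholders (RFC 5737 / .example).
SAMPLE = """\
Received: from mail.isp.example (mail.isp.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id abc123;
\tSat, 14 Sep 2002 10:05:02 -0700
Received: from infectedpc (dsl-45.isp.example [203.0.113.45])
\tby mail.isp.example with SMTP id xyz789;
\tSat, 14 Sep 2002 10:04:58 -0700
From: john@victim.example
To: andrea@recipient.example
Subject: Worm Klez.E immunity

(body omitted)
"""

# "from <helo> (<rdns> [<ip>]) by <host>" as written by common MTAs.
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def trace_origin(raw_message, trusted_relays):
    """Return (ip, helo, recorded_by) for the earliest hop that a trusted
    relay recorded, or None. From: is never consulted: the worm sets it."""
    msg = message_from_string(raw_message)
    origin = None
    # Each relay prepends its Received line, so the newest hop comes first.
    for value in msg.get_all("Received", []):
        hop = HOP.search(value)
        if hop is None:
            break
        helo, _rdns, ip, recorded_by = hop.groups()
        if recorded_by.lower() not in trusted_relays:
            break  # written by a host we cannot vouch for; may be forged
        origin = (ip, helo, recorded_by)
    return origin

if __name__ == "__main__":
    # Trusting only the receiving MX identifies the ISP relay to contact.
    print(trace_origin(SAMPLE, {"mx.recipient.example"}))
    # If the ISP's relay is also trusted, the trace reaches the sending host.
    print(trace_origin(SAMPLE, {"mx.recipient.example", "mail.isp.example"}))
```

The IP address returned is what to hand to the owning ISP's abuse desk, since the address in From: belongs to a bystander.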
    	
    
    



    This archive was generated by hypermail 2b30 : Sun Sep 15 2002 - 00:23:09 PDT