[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[pct-l] Klez virus

Subject: [pct-l] Klez virus
From: brick@fastpack.com (Brick Robbins)
Date: Thu, 16 May 2002 17:47:47 -0700
In-Reply-To: <000a01c1fd39$400ad720$b00bb70a@libretto>

At 05:23 PM 5/16/02, John Musielewicz wrote:
>Just to let you all know there is a virus going around which Norton doesn't
>detect. I just got a email with brick listed as the sender and [pct-l] in
>the subject. It had an attachment. I don't know if it was a virus I deleted
>it because it was slightly fishy. I hope no one on this list is sending out
>viruses. Is it possible to send attachments to this mailing list?


I got a copy of the virus too, but I didn't send it. 

Klez forges the "from" header.My copy of McAfee  grabbed it.

the infected computer is using the connection putc12161208075.cts.com [216.120.8.75]

FWIW I also got the same virus from the same IP address, but the from "header" was 
From: Bighummel <Bighummel@aol.com>

I am surprised that StripMime didn't strip the virus, especially since the header "X-StripMime: Non-text section removed by stripmime" was in the message
--
Brick Robbins                       mailto:brick@fastpack.com

References:
- [pct-l] Klez virus
  - From: jmusielewicz@earthlink.net (John Musielewicz)

Prev by Date: [pct-l] Klez virus
Next by Date: [pct-l] Klez virus
Prev by thread: [pct-l] Klez virus
Next by thread: [pct-l] Klez virus
Index(es):
- Date
- Thread