[ale] Klez question

Geoffrey esoteric at 3times25.net
Tue Aug 6 10:15:31 EDT 2002


Irv Mullins wrote:
> On Monday 05 August 2002 04:35 pm, you wrote:
> 
>>On Mon, 2002-08-05 at 11:51, Irv Mullins wrote:
>>
>>>I've been getting lots of Klez e-mails.
>>>I realize that the from: is always forged. However, several of
>>>the e-mails have something in common (aside from being
>>>sent by Outlook Express;) -
>>>
>>The return-path is the real sender of Klez mails.
>>
> 
> Thanks. What puzzled me was that I have four virus mails, 
> from 4 different persons, according to the return-path, but all 
> 4 contain a line 
> 
> X-Apparently-From:  xxx at aol.com
> 
> where xxx is the real name of an actual person.

Understand, Klez searches a person's address book and ICQ database for 
email addresses to send to.  I'd suspect that this person is probably 
the infected person and is where the email virus is originating from.  A 
guess, mind you.


> That person has a very unusual name (probably only 
> one in the US)  - and - has corresponded with us via e-mail 
> previously. None of the four named in the return-paths have 
> ever had reason to contact us, therefore would be unlikely to 
> have our address in their addressbooks.  That is what makes 
> me suspicious that the return-path may also be forged, and 
> that the real source is xxx.
> 
> Any thoughts?
> 
> Thanks,
> Irv
> 
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 
> 
> 


-- 
Until later: Geoffrey		esoteric at 3times25.net

I didn't have to buy my radio from a specific company to listen
to FM, why doesn't that apply to the Internet (anymore...)?
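
An added example, not part of the original posts: one way to tabulate the comparison discussed in this thread, listing which address recurs in which header across a batch of suspect mails. It only reports recurrence and does not decide which header is genuine; the sample messages, addresses and function names are constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

HEADERS = ("Return-Path", "From", "X-Apparently-From")

def _sample(return_path, from_addr, apparently_from=None):
    """Build one constructed message; all addresses are placeholders."""
    lines = [f"Return-Path: <{return_path}>", f"From: {from_addr}"]
    if apparently_from:
        lines.append(f"X-Apparently-From: {apparently_from}")
    lines += ["Subject: constructed sample", "", "body"]
    return "\n".join(lines)

# Four mails with different Return-Path and From values but one shared
# X-Apparently-From, plus an unrelated mail that lacks that header.
SAMPLES = [
    _sample("a@one.example", "w@forged.example", "xxx@isp.example"),
    _sample("b@two.example", "x@forged.example", "xxx@isp.example"),
    _sample("c@three.example", "y@forged.example", "xxx@isp.example"),
    _sample("d@four.example", "z@forged.example", "xxx@isp.example"),
    _sample("e@five.example", "news@list.example"),
]

def header_table(raw_messages, headers=HEADERS):
    """Return {header: {address: [indexes of messages carrying it]}}."""
    table = {h: defaultdict(list) for h in headers}
    for i, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        for h in headers:
            # get_all copes with a header that is absent or repeated
            for value in msg.get_all(h, []):
                addr = parseaddr(value)[1].lower()
                if addr:
                    table[h][addr].append(i)
    return table

def shared_values(raw_messages, headers=HEADERS, min_count=2):
    """Addresses that recur in the same header in min_count or more mails."""
    table = header_table(raw_messages, headers)
    return {h: {a: idx for a, idx in vals.items() if len(idx) >= min_count}
            for h, vals in table.items()}

if __name__ == "__main__":
    for header, hits in shared_values(SAMPLES).items():
        print(header, dict(hits))
```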

