[ale] Klez virus
James P. Kinney III
jkinney at localnetsolutions.com
Mon Mar 31 13:28:46 EST 2003
The closest apparent "sender" is
c-24-98-68-66.atl.client2.attbi.com
which is a dhcp-named machine.
And yes, anyone using a "learnlink.emory.edu" address would not have a
clue as to how to spoof source addresses in email :)
On Mon, 2003-03-31 at 11:42, Sean Kilpatrick wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I am not very good at deciphering header data.
> Can anyone tell me where this little goodie
> _might_ have come from?
> Obviously enough, the attachments have not been
> made part of this message. I say that with
> the near certainty that the attachments are,
> indeed, the virus.
>
> Sean
>
> PS the "From:" line is obviously spoofed as that
> individual wouldn't have a clue about creating
> an anti-virus virus.
> - ------------------- <copied material follows> -----------------
>
> Status: R
> Return-Path: <dwender1 at comcast.net>
> Received: from smtp.comcast.net ([24.153.64.109])
> by wanamaker.mail.atl.earthlink.net (Earthlink Mail Service) with
> SMTP id 18ZTmn77U3Nl3oJ0
> for <kilpatms at mindspring.com>; Mon, 31 Mar 2003 02:05:35 -0500 (EST)
> Received: from Zjqulo (c-24-98-68-66.atl.client2.attbi.com [24.98.68.66])
> by mtaout11.icomcast.net
> (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
> with SMTP id <0HCL00AKJQAD5J at mtaout11.icomcast.net> for
> kilpatms at mindspring.com; Mon, 31 Mar 2003 02:03:52 -0500 (EST)
> Date: Mon, 31 Mar 2003 02:03:49 -0500 (EST)
> Date-warning: Date header was inserted by mtaout11.icomcast.net
> From: rschult <rschult at LearnLink.Emory.Edu>
> Subject: Worm Klez.E immunity
> To: kilpatms at mindspring.com
> Message-id: <0HCL00AKKQAD5J at mtaout11.icomcast.net>
> MIME-version: 1.0
> Content-type: multipart/alternative;
> boundary="Boundary_(ID_yI3GAkUX7+ZkfJF9/2Lgew)"
> X-Status: N
>
>
> <HTML><HEAD></HEAD><BODY>
>
> <FONT>Klez.E is the most common world-wide spreading worm.It's very
> dangerous by corrupting your files.<br>
> Because of its very smart stealth and anti-anti-virus technic,most common AV
> software can't detect or clean it.<br>
> We developed this free immunity tool to defeat the malicious virus.<br>
> You only need to run this tool once,and then Klez will never come into your
> PC.<br>
> NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV
> monitor maybe cry when you run it.<br>
> If so,Ignore the warning,and select 'continue'.<br>
> If you have any question,please <a
> href=mailto:rschult at LearnLink.Emory.Edu>mail to
> me</a>.</FONT></BODY></HTML>
>
> - ----------------------- <end copied material> ------------------------------
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE+iG/h73hVp4UeGJERAv/VAKDHCkYVt2S+Mbg7C81pxtSUGPSOUwCeO7RZ
> Tod/k9S90/2v4uNvNs2KbLg=
> =6PJY
> -----END PGP SIGNATURE-----
>
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) <jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
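
Added example (not part of the original thread): the hop-by-hop reading of the Received headers discussed above, run over the headers Sean quoted. The function and field names are this example's own, and the regex assumes the `from HELO (rDNS [IP]) by host` layout seen in these two Received lines.

```python
import re
from email import message_from_string

# Headers copied from the quoted message (archive " at " form kept;
# continuation lines re-indented so they parse as folded headers).
RAW = """\
Return-Path: <dwender1 at comcast.net>
Received: from smtp.comcast.net ([24.153.64.109])
 by wanamaker.mail.atl.earthlink.net (Earthlink Mail Service) with
 SMTP id 18ZTmn77U3Nl3oJ0
 for <kilpatms at mindspring.com>; Mon, 31 Mar 2003 02:05:35 -0500 (EST)
Received: from Zjqulo (c-24-98-68-66.atl.client2.attbi.com [24.98.68.66])
 by mtaout11.icomcast.net
 (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
 with SMTP id <0HCL00AKJQAD5J at mtaout11.icomcast.net> for
 kilpatms at mindspring.com; Mon, 31 Mar 2003 02:03:52 -0500 (EST)
From: rschult <rschult at LearnLink.Emory.Edu>
"""

HOP = re.compile(r"from (\S+) \((?:(\S+) )?\[([\d.]+)\]\)\s+by (\S+)")
ADDR = re.compile(r"(?:@| at )([\w.-]+)")

def domain(value):
    """Domain of an address header; accepts the archive's ' at ' form."""
    m = ADDR.search(value or "")
    return m.group(1).lower() if m else None

def trace(raw):
    """Return relay hops oldest-first, plus simple spoofing indicators."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so the last is the earliest hop.
    for line in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(line.split()))  # unfold continuation lines
        if not m:
            continue
        helo, rdns, ip, by = m.groups()
        hops.append({
            "helo": helo,  # name the connecting client claimed; forgeable
            "rdns": rdns,  # reverse-DNS name noted by the receiving server
            "ip": ip,      # peer address recorded by the receiving server
            "by": by,
            "helo_mismatch": bool(rdns) and helo.lower() != rdns.lower(),
        })
    return {"hops": hops, "origin": hops[0] if hops else None,
            "from_domain": domain(msg["From"]),
            "return_path_domain": domain(msg["Return-Path"])}

if __name__ == "__main__":
    print(trace(RAW))
```

Only Received lines added by servers you trust are reliable; anything below the first trusted relay is supplied by the sender and can be forged.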