User Panel
User Panel
User Panel
|
Posted: 5/26/2002 11:40:59 PM EDT
[#1]
No, its going aorund random. So dont worry about it. just delete it and move on
|
|
|
|
Posted: 5/27/2002 12:03:00 AM EDT
[#2]
Don't open the attachment. You don't need a fix from unknown source. Just update your antivirus software or if you don't have one, go buy it!
|
|
|
|
Posted: 5/27/2002 1:34:12 AM EDT
[#3]
The "fix" is a variant of the virus itself. And the mail you received wasn't sent by the person you think it was; Klez spoofs the return address. Whoever DID send it doesn't know they did; their machine is infected as is doing it on its own.
Delete the email and move on. -Troy |
|
|
|
Posted: 5/27/2002 6:02:15 AM EDT
[#4]
Quoted: Am I being targeted? If you haven't already deleted the message, take a look at the header to see if the top Received: line shows it coming from a comcast.net subscriber. In fact, you might also see "Return-Path: Dave Reynolds If anyone here knows Dave Reynolds from Indiana, please drive by his house and cut his cable TV wire, then kick him in the nads. I'm tired of getting several copies of Klez from him every week. |
|
|
|
Posted: 5/27/2002 6:43:28 AM EDT
[#5]
Just got an email from Quietshoez the other day that contained Klez. I thought about alerting him, but if the return is spoofed, then I guess its not important. I didn't take time to examine the header. Thanks for the heads-up, I'll watch closer next time.
Anyone have any friends that work for Comcast in Indiana? [}:D] |
|
|
|
Posted: 5/27/2002 7:35:35 AM EDT
[#6]
This is the header froma klex infected mail that a co-worker received. I have removed the coworkers address for privacy.
---------------- Received: from MAIL.CLOAK.COM ([199.4.146.42]) by MAIL.CLOAK.COM with SMTP for CLOAK.COM; Fri, 10 May 2002 22:26:18 -0400 Received: from out020.verizon.net ([206.46.170.176]) by MAIL.CLOAK.COM (NAVGW 2.5.2.9) with SMTP id M2002051022295814376 for Received: from Aiggfi ([66.169.19.206]) by out020.verizon.net (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP id <20020511022608.ICDC1765.out020.verizon.net@Aiggfi> for From: edmonds To: [email protected] Subject: NORESIZE MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=DQ5a90I650g978o4789Vei8h Message-Id: <20020511022608.ICDC1765.out020.verizon.net@Aiggfi> Date: Fri, 10 May 2002 21:26:12 -0500 -------- there is mention off a Aiggfi, my guess is that is the PC name of the real senders PC. now [email protected] is the Spoofed/faked senders email. so to cure this one would have to contact Verizon. since their service is being used by this fellow. if you look through the header you will note a 199 addy thats the internal IP of our email server. we have had so many various virus hits we finally put up the Norton Antivirus for Gateways. basicly it sits on the email server and scans incoming/outgoing emails for viruses, if located it cleans or deletes the files. very nice. --edit-- I just checked against a different email and Aggy is the senders PC. as the email server gets the PCs name its almost impossible to fake the real sender. If one knows what to look for one can find the real user. |
|
|
|
Posted: 5/27/2002 10:56:46 AM EDT
[#7]
Thanks to all, as usual. I figured it was bad & deleted shortly after I started this thread. In the recent past, I've also received other emails w/ attachments from senders I don't know, & of course, I deleted those, too.
Simplest rule to follow: Delete all emails w/ attachments freom unknown senders. |
|
|
|
Posted: 5/27/2002 12:42:45 PM EDT
[#8]
Quoted: Simplest rule to follow: Delete all emails w/ attachments freom unknown senders. Yes, but Klez was specifically engineered to get around this rule. By spoofing the return address with a random REAL address that it finds on your machine, the recipient will often believe that he/she knows the person sending the email. The better answer is to have a good anti-virus program (Norton 2002 scans incoming email and kills Klez dead!), know what file extensions never to open (exe, com, bat, cmd, pif, vbs, scr, etc.), and TURN OFF "PREVIEW." -Troy |
|
|
|
Posted: 5/27/2002 3:20:41 PM EDT
[#9]
i get about one per day from DReynolds@....... today he was kind enough to send me the fix too! [;D] thank goodness for AR15.com email. haven't have a bit of problem. hasn't seemed to affect my other email accounts either. i guess i'm more anonymous than i thought!
|
|
|
|
Posted: 5/27/2002 4:19:21 PM EDT
[#10]
I get at least one of these a day. The one today was "from" AR15gal.
|
|
|
|
Posted: 5/27/2002 6:25:12 PM EDT
[#11]
[url]http://vil.mcafee.com/dispVirus.asp?virus_k=99455[/url]
Here's the actual Klez virus info from McAfee. |
|
|
|
Posted: 5/27/2002 6:48:30 PM EDT
[#12]
Steel-Rat...Thats the one I keep getting them from on AR15, But now it has moved into my Hotmail and out look mail. This is getting to much. Also some one sent me a Virus called snow white and the 7 Dwarf's. I trace it back to a sex site. So what do we do about this guy
|
|
|
Win a FREE Membership!
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.
