Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
BCM
Durkin Tactical Franklin Armory
User Panel

Site Notices
Posted: 5/26/2002 11:30:08 PM EDT
I never claimed to need this fix, but I've been sent 2 attachments from "armed_astronaut", claiming to have the fix. Am I being targeted?[>:/]
Link Posted: 5/26/2002 11:40:59 PM EDT
[#1]
No, its going aorund random. So dont worry about it. just delete it and move on
Link Posted: 5/27/2002 12:03:00 AM EDT
[#2]
Don't open the attachment.  You don't need a fix from unknown source.  Just update your antivirus software or if you don't have one, go buy it!
Link Posted: 5/27/2002 1:34:12 AM EDT
[#3]
Link Posted: 5/27/2002 6:02:15 AM EDT
[#4]
Quoted:
Am I being targeted?
View Quote


If you haven't already deleted the message, take a look at the header to see if the top Received: line shows it coming from a comcast.net subscriber.  In fact, you might also see "Return-Path: ".

Dave Reynolds has an  infected machine sitting on a cable connection and has been sending out Klez to members of AR15.com for several weeks now, and refuses to do anything about it.  If this is the case, you need to forward it to [email protected] and maybe even call 1-800-COMCAST to complain.

If anyone here knows Dave Reynolds from Indiana, please drive by his house and cut his cable TV wire, then kick him in the nads.  I'm tired of getting several copies of Klez from him every week.
Link Posted: 5/27/2002 6:43:28 AM EDT
[#5]
Just got an email from Quietshoez the other day that contained Klez.  I thought about alerting him, but if the return is spoofed, then I guess its not important.  I didn't take time to examine the header.  Thanks for the heads-up, I'll watch closer next time.

Anyone have any friends that work for Comcast in Indiana? [}:D]
Link Posted: 5/27/2002 7:35:35 AM EDT
[#6]
This is the header froma klex infected mail that a co-worker received. I have removed the coworkers address for privacy.
----------------
Received: from MAIL.CLOAK.COM ([199.4.146.42]) by MAIL.CLOAK.COM
         with SMTP for CLOAK.COM; Fri, 10 May 2002 22:26:18 -0400
Received: from out020.verizon.net ([206.46.170.176])
by MAIL.CLOAK.COM (NAVGW 2.5.2.9) with SMTP id M2002051022295814376
for ; Fri, 10 May 2002 22:30:02 -0400
Received: from Aiggfi ([66.169.19.206]) by out020.verizon.net
         (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
         id <[email protected]>
         for ; Fri, 10 May 2002 21:26:08 -0500
From: edmonds
To: [email protected]
Subject: NORESIZE
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=DQ5a90I650g978o4789Vei8h
Message-Id: <[email protected]>
Date: Fri, 10 May 2002 21:26:12 -0500

--------

there is mention off a Aiggfi, my guess is that is the PC name of the real senders PC. now [email protected] is the Spoofed/faked senders email. so to cure this one would have to contact Verizon. since their service is being used by this fellow. if you look through the header you will note a 199 addy thats the internal IP of our email server. we have had so many various virus hits we finally put up the Norton Antivirus for Gateways. basicly it sits on the email server and scans incoming/outgoing emails for viruses, if located it cleans or deletes the files. very nice.

--edit--

I just checked against a different email and Aggy is the senders PC. as the email server gets the PCs name its almost impossible to fake the real sender. If one knows what to look for one can find the real user.
Link Posted: 5/27/2002 10:56:46 AM EDT
[#7]
Thanks to all, as usual. I figured it was bad & deleted shortly after I started this thread. In the recent past, I've also received other emails w/ attachments from senders I don't know, & of course, I deleted those, too.

Simplest rule to follow: Delete all emails w/ attachments freom unknown senders.
Link Posted: 5/27/2002 12:42:45 PM EDT
[#8]
Link Posted: 5/27/2002 3:20:41 PM EDT
[#9]
i get about one per day from [email protected]  today he was kind enough to send me the fix too!  [;D]  thank goodness for AR15.com email.  haven't have a bit of problem.  hasn't seemed to affect my other email accounts either.  i guess i'm more anonymous than i thought!
Link Posted: 5/27/2002 4:19:21 PM EDT
[#10]
Link Posted: 5/27/2002 6:25:12 PM EDT
[#11]
[url]http://vil.mcafee.com/dispVirus.asp?virus_k=99455[/url]

Here's the actual Klez virus info from McAfee.
Link Posted: 5/27/2002 6:48:30 PM EDT
[#12]
Steel-Rat...Thats the one I keep getting them from on AR15, But now it has moved into my Hotmail and out look mail. This is getting to much. Also some one sent me a Virus called snow white and the 7 Dwarf's. I trace it back to a sex site. So what do we do about this guy
Close Join Our Mail List to Stay Up To Date! Win a FREE Membership!

Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!

You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.


By signing up you agree to our User Agreement. *Must have a registered ARFCOM account to win.
Top Top