Re: virus alert

[TEX <tex@kuoi.asui.uidaho.edu>]

And, indeed, there is not necessarily a reason for John Danahy to take
offense, because there is really no way to know that the infected email
came from his computer.  One of the lovely features of the Klez worm is
that the From, To, and Subject fields are all randomly generated.  Any
infected computer with, for example, Dan Carscallen and John Danahy's
email addresses saved anywhere on the HD could have generated the email.

Here is a snippet from Symantec's site:
> Email:
> This worm searches the Windows address book, the ICQ database, and local
files for email addresses. The worm sends an email message to these
addresses with itself as an attachment. The worm contains its own SMTP
engine and attempts to guess at available SMTP servers. For example, if
the worm encounters the address user@abc123.com it will attempt to send
email via the server smtp.abc123.com.
>
> The subject line, message bodies, and attachment file names are random.
The From address is randomly-chosen from email addresses that the worm
finds on the infected computer.


           Clint "Tex" Payton
       email: tex@kuoi.asui.uidaho.edu

On Mon, 26 Aug 2002, Dan Carscallen wrote:

>
> No offense to John Danahy, but I received the klez virus from his computer.  It came as an attachment through the Vision 2020 mailing list, so I'm sure I'm not alone.  The attachment is titled height.exe
>
> Just warning everyone.
>
> Dan Carscallen
>
>
>