Re: virus alert

[Mike Harshbarger <mharsh@fsr.com>]

This one in particular was sourced from an AOL owned IP address. I'll
follow up on it. If you're an AOL user reading this list, you may want to
scan your computer... especially if you were online today around 1:40pm
eastern / 10:40am pacific.

All the best,

 Mike Harshbarger, Sys/Net Admin
 First Step Internet (www.fsr.net)
 1.208.882.8869 / 1.888.676.6377 x470

On Mon, 26 Aug 2002, TEX wrote:

>
>
> And, indeed, there is not necessarily a reason for John Danahy to take
> offense, because there is really no way to know that the infected email
> came from his computer.  One of the lovely features of the Klez worm is
> that the From, To, and Subject fields are all randomly generated.  Any
> infected computer with, for example, Dan Carscallen and John Danahy's
> email addresses saved anywhere on the HD could have generated the email.
>
> Here is a snippet from Symantec's site:
> > Email:
> > This worm searches the Windows address book, the ICQ database, and local
> files for email addresses. The worm sends an email message to these
> addresses with itself as an attachment. The worm contains its own SMTP
> engine and attempts to guess at available SMTP servers. For example, if
> the worm encounters the address user@abc123.com it will attempt to send
> email via the server smtp.abc123.com.
> >
> > The subject line, message bodies, and attachment file names are random.
> The From address is randomly-chosen from email addresses that the worm
> finds on the infected computer.
>
>
>            Clint "Tex" Payton
>        email: tex@kuoi.asui.uidaho.edu
>