>Trrace is know name used by friend (foter Chris
> Swingler), but web address is different than any used by him previously.
This is a trait of both the Klez and Bugbear viruses.
They go into an address book, find both usernames and domains and
mix-n-match.
So if I am blat@rascal.com and you are showboat@lbc.net and we are both in
someone's address book, one of these viruses could send itself out and use
showboat@rascal.com as the purported "from." Of course a reply would bounce.
And then "Hi Good Buddy" was likely the message subject actually used by the
owner of the infected computer at some previous time on something totally
unrelated.
Bugbear gets extra nasty in finding old traffic and including it as the
message text. The clues are that it is usually very old traffic and often
(not always) incomplete. Example: someone got a Bugbear with a message I had
sent more than a year ago as the text (but the Bugbear did not come from
me).
--Rocky Entriken
|