The likelihood is almost 100% that the suspicious messages "from" you were
sent from another source. AND, that you are not infected at all, but someone
else who has you in his address book is.
How Klez works (Bugbear too) ... it looks into an address book, finds an
address, sends itself to that address book and attaches one of the names
found in that address book as the alleged sender. This is why it is
fruitless to reply to the sender that he is infected. He isn't. Someone else
is. It is also why, nearly a year later, Klez is still rampant because it is
nigh impossible to alert the infected.
Bugbear has a couple of other nasties. It does mix-and-match of addresses.
so if I am rocky@tri.net and you are n197tr4@cs.com and we are both in
someone's address book, the virus may send itself purportedly from
rocky@cs.com or n197tr4@tri.net (neither being existing addresses). Bugbear
also steals messages (or parts of them) from the hard drive and sends them
as text. The clue there is they are usually very old messages. One that came
"from" me that I learned about, I had sent nearly 15 months before. The
first Bugbear I received informed of the SCCA members killed on Flight
93 -- a year afterwards.
Norton snags 'em both if you are updated. They've become so common I just
consider them nasty spam and delete.
--Rocky Entriken
----- Original Message -----
From: <n197tr4@cs.com>
To: <fot@autox.team.net>
Sent: Tuesday, February 11, 2003 11:28 AM
Subject: KLEZ
> List,
>
> I beleive I was infected by one of my HS Classmates recently. I have
recieved two messages from the FOT list about suspicious mail from me.
>
> I did a full system scan and the virus is quarantined and reported clean.
(Norton Anti-Virus)
>
> Anything else I need to know?
>
> Regards,
>
> Joe (A)
|