virus purporting to be from Mark Mandel

Mark A Mandel mam at THEWORLD.COM
Wed Jun 26 02:59:28 UTC 2002


Somebody who has me in their address book seems to have the Klez.H
virus.

Nancy Frishberg wrote to me that an email sent to this list, apparently
by me, had a virus in it.  I got a similar report from what seems to be
a warning program at my ISP.

I was very surprised, since my email interface is primitive: the mail
resides on my ISP's Unix system and I access it only by text-only
connections. I wrote to the staff to ask what was up.

Here is part of my ISP's response to my inquiry; see especially the last
two paragraphs. I had already taken the prescribed steps against Klez.H
on my Windows laptop, between getting these warnings and getting the
advice below. The laptop was not infected. My home machine is a Mac, and
I don't think Klez even exists for (against) Macs.

-- Mark A. Mandel


---------- Forwarded message ----------
Date: Tue, 25 Jun 2002 22:40:39 -0400
Subject: Re: [Staff #30101] Antigen found FILE FILTER= *.scr file (fwd)

Hello,

Your address may have been forged into a virus infected email sent to
antigen at theworld.com.  One of the more recent, widespread viruses to
do this was the Klez.H worm.  Take a look at Symantec's Security
Response for this particularly popular worm/virus:

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html

The point of interest though is the manipulation of the "From" line.  Like
most worm/viruses it culls email addresses from Microsoft mail programs
(Outlook, Outlook Express) and sends itself to each one of these
addresses.  The strange part is that it also attaches one of the addresses
to the "From" line, so it appears it is coming from someone else entirely.

It is possible that a correspondent of yours (who has your email
address in their address book) is actually the one who is infected.  If
you manage your email entirely within the Unix shell environment
(pine, etc.) you can almost be certain that you are not infected.
However, to be safe, if you use Norton Antivirus (or some other
antivirus program) download the latest virus definitions and make sure
that your computer is not infected with anything.
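
Added example (not part of the original message or the ISP's reply): a short Python triage of a constructed message. It shows that the "From" line is only what the sending program wrote, while the earliest Received header records the connecting host, and it flags attachments matching a *.scr filter. All addresses, hosts and IPs are made up, and the function name triage and the BLOCKED_EXT list are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed filter list for illustration; the page only mentions a *.scr file filter.
BLOCKED_EXT = (".scr",)

# Constructed sample message: every address, host and IP here is made up.
SAMPLE = b"""\
Received: from mx.list.example (mx.list.example [192.0.2.10]) by mail.rcpt.example; Tue, 25 Jun 2002 22:00:05 -0400
Received: from pc (dialup-7.isp.example [198.51.100.7]) by mx.list.example; Tue, 25 Jun 2002 22:00:01 -0400
From: forged.name@example.org
To: list@list.example
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="setup.scr"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

def triage(raw):
    """Return the claimed sender, the earliest relay-recorded IP, and filtered attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # The From header is whatever the sending program wrote; nothing verifies it.
    claimed = parseaddr(str(msg.get("From", "")))[1].lower()
    # Relays prepend Received headers, so the last one in the list is the first hop.
    # Only hops written by relays you trust are reliable evidence.
    hops = msg.get_all("Received", [])
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hops[-1])) if hops else None
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    blocked = [n for n in names if n.lower().endswith(BLOCKED_EXT)]
    return {"from": claimed, "origin_ip": ip.group(1) if ip else None, "blocked": blocked}

if __name__ == "__main__":
    print(triage(SAMPLE))
```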


