virus purporting to be from Mark Mandel

Rebecca Orton rebaorton at YAHOO.COM
Wed Jun 26 04:07:36 UTC 2002


Hi Mark,
That could be me.  I ran the virus removal tool
and it found a temporary internet file with a
..pif extension that was infected by the Klez
virus.
Reba


 --- Mark A Mandel <mam at THEWORLD.COM> escribi 3   >
Somebody who has me in their address book seems
> to have the Klez.H
> virus.
>
> Nancy Frishberg wrote to me that an email sent
> to this list, apparently
> by me, had a virus in it.  I got a similar
> report from what seems to be
> a warning program at my ISP.
>
> I was very surprised, since my email interface
> is primitive: the mail
> resides on my ISP's Unix system and I access it
> only by text-only
> connections. I wrote to the staff to ask what
> was up.
>
> Here is part of my ISP's response to my
> inquiry; see especially the last
> two paragraphs. I had already taken the
> prescribed steps against Klez.H
> on my Windows laptop, between getting these
> warnings and getting the
> advice below. The laptop was not infected. My
> home machine is a Mac, and
> I don't think Klez even exists for (against)
> Macs.
>
> -- Mark A. Mandel
>
>
> ---------- Forwarded message ----------
> Date: Tue, 25 Jun 2002 22:40:39 -0400
> Subject: Re: [Staff #30101] Antigen found FILE
> FILTER= *.scr file (fwd)
>
> Hello,
>
> Your address may have been forged into a virus
> infected email sent to
> antigen at theworld.com.  One of the more recent,
> widespread viruses to
> do this was the Klez.H worm.  Take a look at
> Symantec's Security
> Response for this particularly popular
> worm/virus:
>
>
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html
>
> The point of interest though is the
> manipulation of the "From" line.  Like
> most worm/viruses it culls email addresses from
> Microsoft mail programs
> (Outlook, Outlook Express) and sends itself to
> each one of these
> addresses.  The strange part is that it also
> attaches one of the addresses
> to the "From" line, so it appears it is coming
> from someone else entirely.
>
> It is possible that a correspondent of yours
> (who has your email
> address in their addressbook) is actually the
> one who is infected.  If
> you manage your email entirely within the Unix
> shell environment
> (pine, etc.) you can almost be certain that you
> are not infected.
> However, to be safe, if you use Norton
> Antivirus (or some other
> antivirus program) download the latest virus
> definitions and make sure
> that your computer is not infected with
anything.

=====
AIM & MSN: RebaOrton

_________________________________________________________
Do You Yahoo!?
Informaci ¡?  de Estados Unidos y Am }° ica Latina, en Yahoo! Noticias.
Vis M² anos en http://noticias.espanol.yahoo.com



More information about the Slling-l mailing list