Re: Report to Sender

To: debian-user@lists.debian.org
Subject: Re: Report to Sender
From: "Karsten M. Self" <kmself@ix.netcom.com>
Date: Tue, 18 Jun 2002 01:47:23 -0700
Message-id: <[🔎] 20020618084723.GE18537@ix.netcom.com>
In-reply-to: <[🔎] 20020617123729.A18548@kinaole.org>
References: <[🔎] OFEC1CF694.0D0DE95A-ON86256BDB.00655B4B@firstar.com> <[🔎] 20020617123729.A18548@kinaole.org>

on Mon, Jun 17, 2002, Dave Price (davep@kinaole.org) wrote:
> On Mon, Jun 17, 2002 at 01:27:05PM -0500, MKEIMAIL00@Firstar.com wrote:
> > Incident Information:-
> > 
> > Database: d:/lotus/domino/data/mail2.box
> > Originator:    debian-user <debian-user@lists.debian.org>
> > Recipients:    Bill_Liberacki@firstar.com
> > Subject:  Welcome to my hometown
> > Date/Time:     06/17/2002 01:26:55 PM
> > 
> > The file attachment TITLE1.bat you sent to the recipients listed above was
> > infected with the W32/Klez.h@MM virus and was not successfully cleaned.
> > 

> klez? me?
> 
> this is mutt on debian, i don't think so!

The "Klez" virus is one of a family of viruses, the most prolific is
called W32/ Klez.h@MM, and appeared mid-April, 2002, and has been one of
the most successful email-borne viruses of all time. While most virus
outbreaks trail off within a few days of emergence, Klez is still
increasing in prevalence eight weeks after its first      appearance.
It's hard to eradicate because it fakes the sender address of emails.
This also means that many people will receive warnings about Klez for
mail they never sent.  Klez also infects and may damage files, and can
distribute confidential information.

The most significant aspect of Klez is that it fakes ("spoofs") the
"From" line of email. With automated virus filtering systems, this means
that an innocent third party may receive a message that mail they never
sent was found to be infected with a virus.

There are also numerous news articles on the topic:

  * http://www.wired.com/news/technology/0,1282,52174,00.html                  
  * http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2862091,00.html
  * http://www.vnunet.com/News/1131004                
  * http://www.theregister.co.uk/content/55/25461.html

...oh, and the guys spamming our list with Klez virus alerts are idots
[1].

Peace.

--------------------
Notes:

1.  Yes.  Illinois Departments of Transportation.  Um.  Whatever.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Support the EFF, they support you:  http://www.eff.org/

Attachment: pgpL7yvYb6m3V.pgp
Description: PGP signature

Reply to:

References:
- Report to Sender
  - From: MKEIMAIL00@Firstar.com
- Re: Report to Sender
  - From: Dave Price <davep@kinaole.org>

Prev by Date: Re: aptitude, dselect, synaptic at the same time
Next by Date: Re: Woody+initrd+raid1+boot = :-(
Previous by thread: Re: Report to Sender
Next by thread: Laptop/Notebook
Index(es):
- Date
- Thread