Klez worm
[1/3] from: gchiu::compkarori::co::nz at: 24-Dec-2002 13:14
On Mon, 23 Dec 2002 16:01:20 -0500
"Charles" <[chalz--earthlink--net]> wrote:
> I was unsure about the headers if it was claiming to
>originate from a
>mindspring user or a verizon user. I'm still no expert
>at decoding headers.
I just got another one ... off list and definitely from
Verizon.
I suspect that Jason Cunliffe has the infection as the
headers partially match his ( the IP address exactly ). I
have been unable to email him as his mail box is over
quota ... I wonder why! So, I've posted it here ... in
case he reads it on escribe.
--
Graham Chiu
http://www.compkarori.com/cerebrus/index.html
[2/3] from: chalz:earthlink at: 23-Dec-2002 19:42
Good investigative work! I wonder, do you (is perhaps Cerebrus?) keep a
table of email sources and their IPs? Could be interesting, and very useful
for tracking down such things as who might have the bug here.
[3/3] from: jason:cunliffe:verizon at: 23-Dec-2002 22:18
Yes & Thank you very much!!
Thanks to Grahams's post on the Rebol List and also a kind email from Sabin I
was alerted. Some strange !@#$ been hapenning here for past couple of days. I
thought it was jsut a combo of an XMas Spam storm and my very overful C drive.
Started with my wife opening an email from a friend. then I got some.
Anyway I googled around and downloaded FixKlex tool from Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.ht
ml
It seems to have worked...
Sincere apologies for any inconvenience.
Anyway Belated Happy Solstice good wishes to you all!
./Jason
______________________________________________
Jason Cunliffe [NOMADICS: Director art+design]
Tel/fax: +1 718 422-1078 [jasonic--nomadics--org]
N 43:00.000' W 074:31.875' ALT:1144 ft
84 Henry Street #3C Brooklyn NY 11201 USA