I am continuously getting the Klez virus e-mailed to me. Is there any way to stop it? I've gotten 5 in the past three days. My ISP's spam blocker is catching them; here's how they're coming in:

[email protected] Re:(my e-mail add.),eager to see you Special Offers 03-12-2003

[email protected] Fw:(my e-mail add.),your password Special Offers 03-12-2003

[email protected] Fw:how are you Special Offers 03-11-2003

[email protected] Worm Klez.E immunity Special Offers 03-11-2003

[email protected] Re:spice girls' vocal concert Special Offers 03-10-2003

I know that these are not addresses that are really sending it, but my spam blocker shows the originating sender and it's always someone by the name of im1 or im2:

from Bykxilycx (pemi1-a4.shiatel.tds.net [208.165.220.5])

by im1.sec.tds.net (8.12.3/8.12.3) with SMTP id h2CFJhQH028101

Can anybody help me stop this?

Edited by Joe C

Joe, it seems to me that if there was a good way to stop Klez from being sent that someone would have thought of it by now.

I get them too, but they can't hurt ya if you just delete them. You could send those to your ISP and see what they say, but if it's a big ISP they most likely will just sweep it under the rug.

Hell, mine come in clearly marked as a virus, and I don't know why my ISP don't just delete them at the server, but they don't.

 

http://www.mailwasher.net/


Thanks for the reply Volt. Like I stated, my ISP's spam blocker catches them before they reach my machine :mrgreen: I can even view the script, if ya wanna see what Klez looks like, lol. I would never show a virus script online tho. Maybe I'll drop them a line but I don't think they'll do anything... It seems that it's got my e-mail addy and it don't wanna let go.


Variants .A, .C, and .D use smtp.yahoo.com, smtp.hotmail.com, and smtp.sina.com servers to send out e-mails.

Variants .E and .F obtain an SMTP server using the domain name of the e-mail address used in the From: field of the e-mail it sends. For example, if the From: field of the e-mail is [email protected], then it uses smtp.somewhere.com to send its spoofed e-mail.

Variants .G, .H, and .I obtain an SMTP server from this registry entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Accounts\, SMTP Server.

Variants .A, .C, .D, .E, and .F obtain e-mail addresses to place in the FROM: field from a list that is stored in the worm body, and the list changes for each variant.

Variants .G, .H, and .I obtain e-mail addresses to place in the FROM: field from the infected user’s address book. This causes a non-infected user to appear as the person who has sent this worm’s malicious e-mail. It does this to hide the real sender of the infected e-mail.

http://www.hal-pc.org/journal/july02/Colum...rs/trumors.html


The variant that I get is Klez.I... this is the info I get from my spam blocker:

Received: from source ([216.170.230.91]) by exprod5mx49.postini.com ([64.75.1.245]) with SMTP;
    Wed, 12 Mar 2003 07:22:11 PST
Received: from Bykxilycx (pemi1-a4.shiatel.tds.net [208.165.220.5])
    by im1.sec.tds.net (8.12.3/8.12.3) with SMTP id h2CFJhQH028101
    for <my e-mail>; Wed, 12 Mar 2003 09:19:44 -0600 (CST)
Date: Wed, 12 Mar 2003 09:19:43 -0600 (CST)
Message-Id: <[email protected]>
From: engparts <[email protected]>
To: my e-mail
Subject: Re:my e-mail,eager to see you
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary=P4Dh335Ah88
X-pstn-levels: (C:78.1961 M:98.9607 P:95.9108 R:95.9108 S: 4.2682 )
X-pstn-settings: 5 (2.0000:8.0000) pmCr
X-pstn-addresses: from <engparts[email protected]>
X-pstn-disposition: quarantine

I placed "my e-mail" where my real e-mail addy was. As you see, "from" is [email protected] and this would be the spoofed addy from the virus.

Edited by Joe C
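
The Received: lines quoted in the posts above can be read mechanically to find the host that actually handed the message to the ISP, whatever the spoofed From: line says. This is an added example, not code from any poster in the thread; the header sample is constructed from the thread with placeholder addresses, and the list of trusted relays (`TRUSTED`) is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted in the thread. The
# addresses are placeholders (the page shows them redacted).
SAMPLE = """\
Received: from source ([216.170.230.91]) by exprod5mx49.postini.com ([64.75.1.245]) with SMTP;
\tWed, 12 Mar 2003 07:22:11 PST
Received: from Bykxilycx (pemi1-a4.shiatel.tds.net [208.165.220.5])
\tby im1.sec.tds.net (8.12.3/8.12.3) with SMTP id h2CFJhQH028101
\tfor <recipient@example.invalid>; Wed, 12 Mar 2003 09:19:44 -0600 (CST)
From: engparts <engparts@example.invalid>
To: recipient@example.invalid
Subject: Re:my e-mail,eager to see you

"""
# Assumption: relays run by the recipient's ISP and its filtering service.
TRUSTED = (".postini.com", ".tds.net")

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[\w.-]+)\s+)?"
                 r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>[\w.-]+)")

def parse_hops(raw):
    """Received hops in header order (newest first)."""
    headers = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() for m in map(HOP.search, headers) if m]

def injecting_hop(raw, trusted=TRUSTED):
    """Oldest hop stamped by a trusted relay; anything older may be forged."""
    origin = None
    for hop in parse_hops(raw):
        if not hop["by"].lower().endswith(trusted):
            break
        origin = hop
    return origin

def spoof_indicators(raw, trusted=TRUSTED):
    """Compare the injecting host with the claimed From: domain."""
    hop = injecting_hop(raw, trusted)
    if hop is None:
        return None, []
    domain = parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]
    flags = []
    if "." not in hop["helo"]:
        flags.append("HELO name is not a fully qualified host name")
    if hop["rdns"] and not hop["rdns"].lower().endswith("." + domain.lower()):
        flags.append("connecting host is outside the From: domain")
    return hop, flags
```

Calling `spoof_indicators(SAMPLE)` returns the hop recorded by im1.sec.tds.net together with both flags; the connecting IP in that hop is what an abuse report to the ISP would cite, not the From: address.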