Let's get to the bottom of this freakin' Klez thing already!

Okay, I’m getting a half dozen or more of these Klez e-mails from someone who’s infected here. The person apparently has the following people in their address book: Colin and Brigitte Goldie, Folbot, Agesmay (Sindt’s contact e-mail if I’m not mistaken), Jodi_Walton.

Also, several of the e-mails I received contained C&F message board screen shots (not current), with what appeared to be active links. One of the screen shots was of the posting screen with the name Petrus already typed in the name box; the password had not yet been typed, nor was there text. I’m wondering how Klez can fake that screen shot, where someone is halfway through logging in to post a message here? Anyone? If not, could PETRUS be infected? No accusation here, just wondering.

Perhaps if others chip in with some of the bogus email address names (without the @ portion) we can figure out who’s infected and put an end to this, eh?

Loren

[ This Message was edited by: Loren on 2002-09-15 18:36 ]

I’m wondering if someone is somehow pulling the e-addresses from C&F’s profile information. I started getting this junk a while back, took my e-address out of my profile, and stopped getting it. Could be coincidence. Someone else could try removing, changing, or spam-blocking their profile e-address and see what happens.

Tery

That’s why I list my email address as I do (see mail link below). Put in some random info between the yahoo and the com (I use REMOVE_THIS_SPAMBLOCKER), and the programs that go through looking for email addresses end up with an invalid address.

The side effect is I get a lot of messages from people saying “Your email bounced!” :slight_smile:

BTW if you do this, do it as “...@yahoo.SPAMBLOCK.com” and not “...@SPAMBLOCK.yahoo.com” - the first one is completely bounced, and the second one finds yahoo first and wastes time and space looking for Yahoo’s subsection called Spamblocker.

[ This Message was edited by: avanutria on 2002-09-15 19:18 ]

I got a Klez e-mail from Kevin Krell’s e-mail address, and he said he hadn’t sent it.

Yes, someone who has both your address and Kevin’s is the one who sent it.

Yeah, I’m getting about 2 a day, AFAIK from the same person. One had Dale’s address listed as the return (sorry for cluttering your MB with the note about it Dale), but it’s listing my ISP’s administrator as the return address in some cases. Nothing like getting a mail allegedly from your sysadmin claiming to contain stuff about sexual acts.

On 2002-09-15 19:26, chas wrote:
Yeah, I’m getting about 2 a day, AFAIK from the same person. One had Dale’s address listed as the return …Nothing like getting a mail claiming to contain stuff about sexual acts.

Dale, Dale, Dale… You and your “Hot n’ Wild Asian Teens”, tsk, tsk.


Loren

Yup, Loren…I got the screen shot of PETRUS, also. It was among the other 6 virus containing e-mails stopped today by my provider’s software…
Cheers.
Byll

I have to tell a story about this.

I recently had a teenage patient in my office with his parents and they were upset with him because they caught him on a porn site. The boy SWORE that he had not done it on purpose, that he can’t remember what URL he was typing in, but that the porn site just ‘popped up.’ I told him and the parents that I was skeptical. That VERY NIGHT, I typed in some URL (I can’t remember it either) and I found myself in a website called “Beautiful Black Men.” I called the kid and apologized.

Not that there’s anything WRONG with beautiful black men or anything!!


Dale

Dale Wisely
Chiff & Fipple HQ

[ This Message was edited by: DaleWisely on 2002-09-15 20:53 ]

Well, today I got one from you, Loren. Blue Devil, right. It promised to contain sexy pictures of your hot Japanese girlfriend. No joke.

Also got them from “hmi” and “judge_richard”.

Edited to remove the @ part of the addresses.


Don’t you boys know any nice songs?

[ This Message was edited by: jim_mc on 2002-09-15 20:59 ]

OK, I’m confused…
what have people been getting emails about?

Once I was looking for a new pair of rollerblades and decided to try Dick’s Sporting Goods, a sports chain in NY. Not thinking, I typed in a shorter version of what I guessed would be their URL. I was…incorrect. :roll:

On 2002-09-15 20:52, DaleWisely wrote:
I have to tell a story about this.

I recently had a teenage patient in my office with his parents and they were upset with him because they caught him on a porn site. The boy SWORE that he had not done it on purpose, that he can’t remember what URL he was typing in, but that the porn site just ‘popped up.’ I told him and the parents that I was skeptical. That VERY NIGHT, I typed in some URL (I can’t remember it either) and I found myself in a website called “Beautiful Black Men.” I called the kid and apologized.

Not that there’s anything WRONG with beautiful black men or anything!!


Dale

Here’s a link to Symantec’s (Norton’s Antivirus) webpage about Klez. It includes everything that you need to know about the Klez virus, you’ll also find a removal tool there. As mentioned in a previous thread, never use a “virus removal tool” that is sent to you via email (it probably contains a virus):

[Info](http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html) on the Klez virus

Ohhh my, you mean that you landed on a site that had to do with low whistles, only a slightly different designed version…

Actually, another “funny” story. Sometime last year I received an e-mail from M&E Flute that said something like “South Park” or whatever. Was the first time I came in contact with a worm. I clicked on the executable, since I trusted the content, and nothing happened. I clicked like crazy, nothing happened… The day after, I had a message from my boss saying that I sent him an e-mail with a virus, and since it was from me, he opened it… He had many e-mails in his Outlook from vice-presidents of companies like COMPAQ, IBM, etc… Fortunately, his anti-virus caught it before it could be sent away. Believe me, I always have anti-virus software running since then.

On 2002-09-15 20:57, jim_mc wrote:
Well, today I got one from you, Loren. Blue Devil, right. It promised to contain sexy pictures of your hot Japanese girlfriend. No joke.

Also got them from “hmi” and “judge_richard”.

Edited to remove the @ part of the addresses.

No, it never comes from the person it’s addressed to or from, as I understand this, it came from someone else who has my email address in their address book.

Actually, the Blue-Devil addy is a webtv address, and webtv is an OS/browser that cannot be infected by Klez, so I’m immune from being infected at that addy. This just bugs me because I have all this junk filling up my mailbox and using up my limited storage space - most of these fake emails that I’m receiving contain attachments.

I still don’t see how Klez could fake a sign-in on a message board screen shot…I mean I can’t imagine it was designed with that sort of thing in mind. PETRUS, have you scanned to see if you might have Klez?

Loren

I wrote:
One had Dale’s address listed as the return (sorry for cluttering your MB with the note about it Dale), but it’s listing my ISP’s administrator as the return address in some cases. Nothing like getting a mail allegedly from your sysadmin claiming to contain stuff about sexual acts.



Loren quoted:
One had Dale’s address listed as the return …Nothing like getting a mail claiming to contain stuff about sexual acts.

Loren, have you considered/pursued a career in journalism or politics? This is a very creative, yet factually correct quote. :slight_smile:

P.S. The only reason I think it might be PETRUS is because his address was NOT the sending or receiving addy in the email that had the attachment with the screen shot containing his login. My theory is that Klez booted up (unbeknownst to PETRUS) while he was online and took the screen shot while he was logging in, then it proceeded to send copies of the screen shot to people in his address book, using origin addys from other folks in the address book.

Of course I don’t know jack about computers, so I could be way off…

Loren

Two tonight. SpamKiller got one of them
containing the following text:

" kevin@wormland.fsnet.co.uk
This message has been rejected because it has
an apparently executable attachment Mtg.scr
This is a virus prevention measure.
If you meant to send this file then please
package it up as a zip file and resend it."

The other was allegedly from a “wepalmers2@worldnet.att.net” and had the klez worm in an attachment called “demo.exe”, which was allegedly a game someone wanted me to try - could anyone really be stupid enough to fall for that one?
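The rejection notice quoted in the post above comes from a filter that refuses mail carrying an executable attachment. As an added example (not part of the thread and not SpamKiller's code), this is one way such a check can be written with Python's standard `email` package; the extension list, function names and sample addresses are assumptions made for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list of directly executable Windows extensions (not SpamKiller's real list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk"}


def executable_attachments(raw: bytes) -> list:
    """Return the attachment filenames in a raw message whose final extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and multipart containers carry no filename
        # Windows ignores trailing dots and spaces, so strip them before looking at the extension.
        cleaned = name.rstrip(". ").lower()
        # Only the last extension decides how the file opens ("photo.jpg.scr" is a .scr).
        _, dot, ext = cleaned.rpartition(".")
        if dot and "." + ext in BLOCKED_EXTENSIONS:
            flagged.append(name)
    return flagged


def build_sample(filename: str) -> bytes:
    """Constructed test message with one attachment; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "reader@example.com"
    m["Subject"] = "a game to try"
    m.set_content("See the attachment.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("Mtg.scr", "demo.exe", "photo.jpg.scr", "notes.txt"):
        print(fn, "->", executable_attachments(build_sample(fn)) or "accepted")
```

The check looks only at declared filenames, so it does not inspect the contents of a zip file, which is the path the rejection notice leaves open for intentional senders.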

Did you like that bit of creative editing there Charlie? :laughing: Can’t stand politics, but lately I have been thinking maybe I missed my calling as an investigative reporter - Move over Mike Wallace!

In all seriousness: Since my post was meant in jest, I took some liberties for the sake of comedic effect, and of course I wouldn’t do such a thing if we were discussing serious matters - as everyone knows, I prefer to read minds in that case.

Loren

On 2002-09-15 22:05, Chuck_Clark wrote:
The other was allegedly from a “wepalmers2@worldnet.att.net” …which was allegedly a game someone wanted me to try - could anyone really be stupid enough to fall for that one?

I got that one, too. I didn’t fall for it. But I also didn’t realize it was connected to the other thing. Hmm.

~J