MarkCSC

Carl the virus spoofs your e-mail address. Your address is held on somebodies PC (lets call it X). X sends itself an e-mail that looks likes it comes from your e-mail address. The owner of X will probably send an e-mail to you saying you a have sent them a virus. You'll run the check and find no virus.
It's a bit complicated but explained well on the Norton site.

Mark

Bugger too late twice over!

[Edited by Mark Champion - 7/4/2002 3:14:41 PM]

ChrisB

Don't forget Klez can spoof the "From" Address.

I had a virus warning back from an ISP saying I'd sent an infected message when my PC was OFF and I was 30 miles sat outside enjoying the sunshine.

Our resident AV expert Jack Clark has suffered from this as well.

[Edited by ChrisB - 7/4/2002 3:14:02 PM]

mega_stream

Carl, yup its me, I sent you the email yesterday asking who you were!
Thought what the heck is this guy doing sending me a "good tool"

Gotta hand it to the little shytes that write these damn viruses..

[Edited by mega_stream - 7/4/2002 3:51:30 PM]

DJ Dunk

iTrader: (5)

Mine came from 'scoobiedude@hotmail.com' or something

Never mind, good 'ol Sophos should have licked it anyway
The virus, not the good tool

[Edited by DJ Dunk - 7/4/2002 3:56:15 PM]

mega_stream

I got an email yesterday from someone titled "A good tool", didn't know who it was from so I thought I'ld check out the domain where the mail originated....an Impreza owner...emailed him and asked him, turns out he's been getting suspect emails from various people on Scoobynet.

I know this ones probably been done before, but can people check they have AV software on there PC's! (and its up-to-date)

The clean for this particular virus can be found here..

http://antivirus.about.com/gi/dynami...oval.tool.html

Please read the instructions before using this..

Cheers all

DJ Dunk

iTrader: (5)

I got sent this too. The title is pretty suspicsious so I deleted it straight away.

I too got it from an "Impreza owner"

carl

Ooh, was it from me?

<carl@bogart.org.uk>

I don't think I have a virus -- it virus-checks clean, I don't have either of your e-mail addresses in my address book, and I don't use microsoft mail software. Also the mail allegedly sent from me was at a time when none of my machines were switched on.

carl

Update -- I read up on the Klez worm and apparently some variants are able to spoof the originator's address. This may explain why I received an e-mail with an attachment specific to MRO Scoobystyling, but the e-mail's originator was not Rob of MRO. It also suggests that someone with one of my e-mail addresses in their address book (who is using Outlook/Outlook Express) has this worm.

NotoriousREV

Don't forget, Klez masks it's origination point, so the senders e-mail address is pretty useless. Look at the sending machines host IP, you should be able to track it down to an ISP and then you can say "A **** user needs to run this Klez removal tool"

ChrisB

Oh, a decent ISP will virus scan your e-mails for you before you even download them (just like Titan...

Little Miss WRX

LOL@Mr B, no association with them blah, blah etc don't forget

My AV is updated, I have run the Klez check on mine and I am free, yet it has spoofed my email address as if I was the sender.

Worth doing a quick check, doesn't take long

Michelle.

carl

I assure you I keep my tool under close wraps

mega_stream

LOL

I didn't tweek that it was a virus at first (due to my Defcon5 AV setup ), so I actually sent Carl an email saying there was no attachment..

I guess what threw me was my recent post about Dewalt power tools

Markus

yeah, klez seems to be infecting quite a few people. have helped some of my RS friends clean it up.

Nasty ****** it is too!

Why do people write viruses?? WHY???

carl

...because they're paid to do so by Anti-Virus companies?

[Sorry, JackClark ]