[ale] klez

Geoffrey esoteric at 3times25.net
Sun Aug 11 10:26:43 EDT 2002


To add to this issue, I received one this morning as well, which I 
forwarded to Jim because his email addr was in the Return-Path line.

It appears there's a viri out there that is forging 
to/from/reply-to/return-path addresses.  The email I received was a 
bounce message showing me as the sender and sending it to ale.org.

Anyone interested in deciphering the true origination of this thing is 
welcome to it, I've saved it with headers.  Drop me a line and I'll 
forward it to you.

It contains a windows exe named width.exe base64 encoded.

Jim wrote:
> I got a bunch of bounced e-mails this morning that didn't originate from me.  
> Apparently, the worm picked up my e-mail address from somewhere and started 
> spoofing it when it sent out new e-mails. There is no Windows machine in my 
> house these days. I haven't run Windows for a couple of weeks. So, it 
> couldn't have come from me. I did see one bounce from hirsch at zapmedia.com. I 
> don't believe that's Michael's current e-mail address. So, this thing 
> probably got started weeks or even months ago.
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 
> 


-- 
Until later: Geoffrey		esoteric at 3times25.net

I didn't have to buy my radio from a specific company to listen
to FM, why doesn't that apply to the Internet (anymore...)?


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list