On Sat, 2002-04-20 at 22:05, Pierre Fortin wrote: > On Sat, 20 Apr 2002 21:00:29 -0500 Jason Guidry <[EMAIL PROTECTED]> > wrote: > > > > > It looks like someone has decided that I don't have enough headaches and > > > > has started sending me viri. Normally this would not bother me, but the > > > > problem is that the from line shows my email address on my website > > <[EMAIL PROTECTED]>! > > Spoofing by spammer(?) at 66.24.19.151 (syr-66-24-19-151.twcny.rr.com). >
I have received several of these types of infected email (W32/Klez.e@MM) coming to a win2000 box on my network. Pierre is correct in his assumption about spoofing being done. It appears that the virus code does the spoofing. This code generates an email, with the virus file attached, and this email is then sent. This email, the one generated by the offending machine, is created as though I am the originator, which I am clearly not. This is where the spoofing comes to be a part of the process. Now, here is the question for Pierre or any others that might have some thoughts on this. In my investigation of this matter, I have made the following observations: The only logical way that the offending machine would know to use my address (spoofing) as the originator is that this person/machine is using some variation of Outlook, such as Outlook Express or Outlook (W32/Klez.e@MM only works with version of MS Outlook), and this means that my address is in that person/machine's address book, i.e. someone that knows me or at least has my address in their address book, is responsible for sending this virus email that has my address at the originator. It could be that this person/machine is *not* aware that this is occurring but this is nonetheless how it all got started. Would like to see some thoughts on this logic (sanity check)... aka Dr John, The Night Tripper -- J. Craig Woods UNIX/NT Network/System Administration -Art is the illusion of spontaneity-
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
