Hello Mike,

On Friday, April 19, 2002 at 11:20:37 PM you wrote (at least in part):

MH> A colleague of mine has just received a message from me (without my
MH> knowledge of sending it) which appears to be related to the Win32.Klez
MH> worm.

MH> There was no attachment from me.

MH> How could this happen with TB? I don't use Outlook, and I thought that
MH> this worm exploited Outlook. I am VERY vigilant about attachments, and
MH> have TB! set up to not allow opening of
MH> *.COM,*.EML,*.CMD,*.JS,*.PL,*.BAS,*.JAVA,*.REG,
MH> *.EXE,*.VBS,*.PIF,*.SCR,*.SHS files.

First: if TB! had sent this message, it would reside in your
'Sent' folder. Have a look there ... (Although I can't believe TB! has
sent it, have a look to be sure).

Second: You write you're not _using_ Outlook. Do you have it installed
anyway and maybe some aeons ago configured to work properly? Does
Outlook (if installed) or Outlook Express have knowledge about your
account data (name, e-mail-address, SMTP-server)?

The 'Received:' headers look as if it was your computer that sent
this mail (same IP, sadly no HELO or EHLO string :-( ).

But there are 'In-Reply-To:' and 'References:' headers too ... quite
unusual, as even if the worm could have used the MAPI interface without
you noticing (which I can't imagine, btw), how should it know about the
original message ID? It would have to be able to read the TB! message
database format to figure that out ... and I've not read that 'Klez' is
able to do so ...

You have written 'There was no attachment from me.' ... does that mean
the recipient had no attachment in the mail? If so there's no 'Klez'
issue we could talk about, as 'Klez' is spreading itself and not
sending empty messages :-)

To come to an end: I'd suggest updating the signature file and re-scanning
your whole system again. Installing a second AV software would also be
a good idea, in case there's a new variant of Klez around that NAV does
not yet have in the signature file.
http://www.free-av.com/ (which is _really_ slow over here)
the (faster) direct download links are:


Peter Palmreuther                            mailto:[EMAIL PROTECTED]
(The Bat! v1.60c on Windows 2000 5.0 Build 2195 Service Pack 1)

Gone back into the darkness

Current Ver: 1.60c
FAQ        : http://faq.thebat.dutaint.com 
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives   : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
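
The header checks this reply walks through (originating IP in the first 'Received:' hop, a missing HELO/EHLO name, the presence of 'In-Reply-To:'/'References:', attachment or none), as an added Python example that is not part of the original mail. The sample message, its addresses and the function name triage are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (not from the thread); documentation IP ranges only.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id A1; Fri, 19 Apr 2002 23:01:00 +0200
Received: from [192.0.2.44] by mx.example.net with SMTP id B2;
\tFri, 19 Apr 2002 23:00:58 +0200
From: sender@example.net
To: colleague@example.org
Subject: Re: meeting
Message-ID: <m2@example.net>
In-Reply-To: <m1@example.org>
References: <m1@example.org>
Content-Type: text/plain

hello
"""

def triage(raw, my_ip):
    """Summarise the header evidence for 'did my machine send this?'."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Each relay prepends its header, so the bottom-most one is the first hop.
    # Hops written before the first server you trust can be forged by the sender.
    first = " ".join(hops[-1].split()) if hops else ""
    m = re.match(r"from\s+(.*?)\s+by\s", first)
    from_clause = m.group(1) if m else ""
    ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", from_clause)
    # A HELO/EHLO name, if the relay logged one, precedes the bracketed IP.
    helo = re.match(r"([^\s\[\(]+)", from_clause)
    return {
        "origin_ip": ips[-1] if ips else None,
        "origin_is_mine": my_ip in ips,
        "helo": helo.group(1) if helo else None,
        # Threading headers imply the sender knew an earlier Message-ID.
        "threaded": bool(msg["In-Reply-To"] or msg["References"]),
        "attachments": [p.get_filename() for p in msg.walk() if p.get_filename()],
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "192.0.2.44"))
```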
