Let's get to the bottom of this freakin' Klez thing already!

[Loren]

Okay, I'm getting a half dozen or more of these Klez e-mails from someone who's infected here. The person apparently has has the following people in their address book: Colin and Brigitte Goldie, Folbot, Agesmay (Sindt's contact e-mail if I'm ot mistaken), Jodi_Walton.

Also, several of the e-mails I received contained C&F message board screen shots, (not current) with what appeared to be active links. One of the Screen shots was was of the posting screen with the name Petrus already typed in the name box, the password had not yet been typed, nor was there text. I'm wondering how Klez can fake that screen shot, where someone is halfway through logging in to post a message here? Anyone? If not could PETRUS be infected? No accusation here just wondering.

Perhaps if others chip in with some of the bogus email address names (without the @ portion) we can figure out who's infected and put an end to this, eh?

Loren

<font size=-1>[ This Message was edited by: Loren on 2002-09-15 18:36 ]</font>

[tkelly]

I'm wondering if someone is somehow pulling the e-addresses from C&F's profile information. I started getting this junk a while back, took my e-address out of my profile, and stopped getting it. Could be coincidence. Someone else could try removing, changing, or spam-blocking their profile e-address and see what happens.

Tery

[avanutria]

That's why I list my email address as I do (see mail link below). Put in some random info between the yahoo and the com (I use REMOVE_THIS_SPAMBLOCKER), and the programs that go through looking for email addresses end up with an invalid address.

The side effect is I get a lot of messages from people saying "Your email bounced!"

BTW if you do this, do it as "...@yahoo.SPAMBLOCK.com" and not "...@SPAMBLOCK.yahoo.com" - the first one is completely bounced, and the second one finds yahoo first and wastes time and space looking for Yahoo's subsection called Spamblocker.

<font size=-1>[ This Message was edited by: avanutria on 2002-09-15 19:18 ]</font>

[JessieK]

I got a Klez e-mail from Kevin Krell's e-mail address, and he said he hadn't sent it.

[avanutria]

Yes, someone who has both your address and Kevin's is the one who sent it.

[chas]

Yeah, I'm getting about 2 a day, AFAIK from the same person. One had Dale's address listed as the return (sorry for cluttering your MB with the note about it Dale), but it's listing my ISP's administrator as the return address in some cases. Nothing like getting a mail allegedly from your sysadmin claiming to contain stuff about sexual acts.

[Loren]

On 2002-09-15 19:26, chas wrote:
Yeah, I'm getting about 2 a day, AFAIK from the same person. One had Dale's address listed as the return ....Nothing like getting a mail claiming to contain stuff about sexual acts.

Dale, Dale, Dale.... You and your "Hot n' Wild Asian Teens", tsk, tsk.


Loren

[Byll]

Yup, Loren...I got the screen shot of PETRUS, also. It was among the other 6 virus containing e-mails stopped today by my provider's software...
Cheers.
Byll

[Dale]

I have to tell a story about this.

I recently had a teenage patient in my office with his parents and they were upset with him because they caught him on a lichen site. The boy SWORE that he had not done it on purpose, that he can't remember what URL he was typing in, but that the lichen site just 'popped up.' I told him and the parents that I was skeptical. That VERY NIGHT, I typed in some URL (*I* can't remember it either) and I found myself in a website called "Beautiful Black Men." I called the kid and apologized.

Not that there's anything WRONG with beautiful black men or anything!!

_________________
Dale

Dale Wisely
Chiff & Fipple HQ


<font size=-1>[ This Message was edited by: DaleWisely on 2002-09-15 20:53 ]</font>

[jim_mc]

Well, today I got one from you, Loren. Blue Devil, right. It promised to contain sexy pictures of your hot Japanese girlfriend. No joke.

Also got them from "hmi" and "judge_richard".

Edited to remove the @ part of the addresses.
_________________
Don't you boys know any nice songs?

<font size=-1>[ This Message was edited by: jim_mc on 2002-09-15 20:59 ]</font>

[rossmpfc13]

OK, I'm confused...
what have people been getting emails about?

[avanutria]

Once I was looking for a new pair of rollerblades and decided to try Dick's Sporting Goods, a sports chain in NY. Not thinking, I typed in a shorter version of what I guessed would be their URL. I was...incorrect. :roll:

On 2002-09-15 20:52, DaleWisely wrote:
I have to tell a story about this.

I recently had a teenage patient in my office with his parents and they were upset with him because they caught him on a lichen site. The boy SWORE that he had not done it on purpose, that he can't remember what URL he was typing in, but that the lichen site just 'popped up.' I told him and the parents that I was skeptical. That VERY NIGHT, I typed in some URL (*I* can't remember it either) and I found myself in a website called "Beautiful Black Men." I called the kid and apologized.

Not that there's anything WRONG with beautiful black men or anything!!

_________________
Dale

[thomlarson]

Here's a link to Symantec's (Norton's Antivirus) webpage about Klez. It includes everything that you need to know about the Klez virus, you'll also find a removal tool there. As mentioned in a previous thead, <B>never use a "virus removal tool" that is sent to you via email</B> (it probably contains a virus):
<P>
<A HREF="http://securityresponse.symantec.com/av ... html">Info on the Klez virus<A>

[Azalin]

Ohhh my, you mean that you landed on a site that had to do with low whistles, only a slightly different designed version...

Actually, another "funny" story. Sometime last year I received an e-mail from M&E Flute that said something like "South Park" or whatever. Was the first time I came in contact with a worm. I clicked on the executable, since I trusted the content, and nothing happened. I clicked like crazy, nothing happened... The day after, I have a message from my boss saying that I sent him an e-mail with a virus, and since it was from me, he opened it... He had many e-mails in his outlook from vice-presidents of companies like COMPAQ, IBM, Etc... Fortunately, his anti-virus catched it before it could be sent away. Believe me, I always have an anti-virus software running since then.

[Loren]

On 2002-09-15 20:57, jim_mc wrote:
Well, today I got one from you, Loren. Blue Devil, right. It promised to contain sexy pictures of your hot Japanese girlfriend. No joke.

Also got them from "hmi" and "judge_richard".

Edited to remove the @ part of the addresses.

No, it never comes from the person it's addressed to or from, as I understand this, it came from someone else who has my email address in their address book.

Actually, the Blue-Devil addy is a webtv address, and webtv is a OS/browser that cannot be infected by Klez, so I'm immune from being infected at that addy. This just bugs me becaus I have all this junk filling up my mailbox and using up my limited storage space - most of these fake emails that I'm receiving contain attachments.

I still don't see how Klez could fake a sign-in on a message board screen shot....I mean I can't imagine it was designed with that sort of thing in mind. PETRUS, have you scanned to see if you might have Klez?

Loren