How Klez Works




Posted by MikeC on Tuesday, August 20, 2002 at 6:53AM :

In Reply to: HELITOOL POSTING READ THIS BEFORE!!! posted by Jason (utah) on Tuesday, August 20, 2002 at 1:46AM :

I wanted to clarify how the Klez virus works. It did not come via the sender's account, it came from someone's account that has Helitool's email address in their address book. From the SARC website:

This worm often uses a technique known as "spoofing." When it performs its email routine, it can use a randomly chosen address that it finds on an infected computer as the "From:" address. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

For example, Linda Anderson is using a computer that is infected with W32.Klez.H@mm. Linda is not using an antivirus program or does not have current virus definitions. When W32.Klez.H@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From:" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, Norton AntiVirus does not find anything--as would be expected--because his computer is not infected.


I get about 5 emails a day with the Klez virus. I use the above email address on this and one other board and the return addresses are addresses from both. I've received emails from many members of this board but realized that they are generating from one or two individuals with no antivirus protection. So, chances are that Helitool is an innocent bystander in this mudslinging. Let's use it as a learning tool and move on.


