[ngw] KLez Virus Problem

Possum John PossumJohn at SoStar.Net
Sat Jun 22 04:54:06 UTC 2002


Thanks for your reply, Dawn.  I'm glad that I'm not going bonkers after
looking at all the headers I've been subjected to in the last 2 months.  I
looked up the registered admin and tech contacts through GeekTools and sent
them an email, but I haven't heard anything back.  I'm off until Thursday, so
I guess it'll have to wait til then.

Dawn Drake wrote:

> Huh, I got one from genesco.com the other day, too, and I thought the klez
> header looked different, as well.
>
> >>> PossumJohn at SoStar.Net 6/21/02 5:43:02 PM >>>
> Hi ya'll!!
>
> I'm including the headers from a KLez infected email below.  They look
> different than any of the others I've seen before (and I've seen
> plenty).  The only IP address I can see in the headers is mine (hence
> the mask).  I just wanted to get an opinion from other experienced
> admins on where this particular email originated.
>
> Thanks,
> PJ
> = = = = = = = = = = = = =  Full Email Message Headers Attached  = = = =
> = = = = = = = = = = =
>
> MAIL FROM: <NetAdmin at KRLEGAL.COM >
> RCPT TO:<Cakskosky at aol.com>
> Received: from genesco.com
>         by NS1.KRLegal.Com; Fri, 21 Jun 2002 14:54:51 -0600
> From: jobs <jobs at federaljobsearch.com>
> To: Cakskosky at aol.com
> Received: from no.name.available by genesco.com
>           via smtpd (for user-24-214-xxx-xxx.knology.net
> [24.214.xxx.xxx]) with SMTP; 21 Jun 2002 19:55:00 UT
> Subject: 00000000
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>         boundary=Zck2kFC0dALO17G44x
>
> --Zck2kFC0dALO17G44x
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
>
> <HTML><HEAD></HEAD><BODY>
> <iframe src=3Dcid:F81zt99WATO5754 height=3D0 width=3D0>
> </iframe>
> <FONT></FONT></BODY></HTML>
>
> --Zck2kFC0dALO17G44x
> Content-Type: audio/x-midi;
>
> --
>         GroupWise Specific Solutions for
>   Anti-Virus/Spam, Fax, Archiving & more
> Cool Tools & Downloads + Expert Advisors
>               www.gwtools.com
>
> Visit http://www.ngwlist.com to subscribe or unsubscribe.
>
> --
>         GroupWise Specific Solutions for
>   Anti-Virus/Spam, Fax, Archiving & more
> Cool Tools & Downloads + Expert Advisors
>               www.gwtools.com
>
> Visit http://www.ngwlist.com to subscribe or unsubscribe.




More information about the ngw mailing list