Re: [sixties-l] Virus On the Loose

From: drieux (drieux@WETWARE.COM)
Date: Thu Aug 22 2002 - 09:37:02 EDT

  • Next message: drieux: "Re: [sixties-l] war threats"

    On Saturday, August 17, 2002, at 10:02 , Sorrento95@aol.com wrote:
    > On August 17, 2002, I received the following email message from RozNews@a
    > ol.com:
    >
    >> Hi,This is a funny website
    >> I wish you would like it.
    [..]
    >
    > I have been getting nonsense emails like this for months.

    most of them are klez.h or variants on it.

    what that specific one is doing is exploiting a security
    hole in the Microsoft Internet Explorer that can be closed
    if folks install the new security patches.

    The problem is that an infected target will read the
    'address book' and use one address as the 'From'
    line and retransmit itself to all the other addresses
    in the address book.

    This way it looks like it is coming from someone
    who is common to you - but is actually coming from
    a third player. You would need to actually read the
    email headers.

    All that is required for it to look like it is
    coming from sixties-l is that someone has this
    email address in their address book - and it need
    not be anyone on the list - it can be a spammer
    who has collected this email address with a webBot.

    ciao
    drieux

    ---
    



    This archive was generated by hypermail 2b30 : Sat Sep 07 2002 - 17:32:27 EDT