Fwd: [Loch-Ruadh] Returned mail--"to class"

Sluggy slugmusk at linuxlegend.com
Sun Sep 8 22:59:18 PDT 2002


Sam Milligan wrote:

> This is another example of one of the viruses that use the infected
> system's address book to send out copies of itself, using one address
> from the book as the "To" and another as the "From".

My lovely Lady Gabrielle had a short bout with a Klez worm infection
last week. It appears that she got it from the Ansteorra-Equestrian
list. At least one non-subscriber that "posted" to the LR list appears
to have been in Gabby's short address book. He, on the other hand, seems
to have had a huge address book, and even though he cleaned it up pretty
quick, it still had plenty of time to propagate from there. I have been
getting stuff "from" him and his other friends as the worm does as a
worm does.

An additional insidiousness that they can sometimes prey on you with is
a message with a blank subject line and a blank message. You double
click it to see if there is something there after all and, boom, you're
infected.

> mta4.rcsntx.swbell.net (although this last one may be just a pass-thru)

This is one of swbell's mail transfer servers. Most likely, the person
who is infected with the worm is a swbell subscriber.
in its address book. I don't think Gabrielle has Angelia's address in
her address book, so I don't think it came from her in this instance.

> Another reason to keep your antivirus software updated.

I found a simple and powerful tool that cleans several variants of Klez
and a couple other worms. It is easily found by going to
http://www.download.com and searching for "klez". It's a small download,
about 60K if I remember right.

Of course, Klez and other such worms and trojan horses affect Outlook
and Outlook Express, due to Microsoft's (very bad) decision to allow
programs attached to emails to run automatically unless you specifically
disable the feature. Even then, you need only double click to
accidentally run it yourself.

If a car has troubles and the factory issues recall after recall, people
stop buying that car. The number of security-related updates from
Microsoft should frighten people but somehow it doesn't. I guess I will
never understand why.

Ok, I'll get down off the soapbox... :)

Sluggy!


