Olympus-OM

Re: [OM] Possible virus warning

Subject: Re: [OM] Possible virus warning
From: "John A. Lind" <jlind@xxxxxxxxxxxx>
Date: Thu, 09 May 2002 20:13:28 -0500
Don't trust the "From" in these things. They often fill the "From" with one address from the address book and the "To" with another.

The headers on the two I just received originated from within the "cox.net" domain (by the mail server headers). A scan of the last two months of list postings showed two individuals with their postings originating from the "cox.net" domains:
  Bryan Pilati
  Phillip Franklin

That's not to say it's either of them, just that they have email addresses in the same domain as it originated from. I strongly recommend both of them scan their machines quite thoroughly with the most current *updated* virus detection software. Both contained a W32/Klez.?@MM (don't recall the variant; very likely the Klez.h) worm in executable attachments (which were promptly ensnared and deleted during my mail download). One of the two attachments was supposedly a "W32.Klez.E removal tool" and the message text urged using it to prevent infection from the worm!!!! The Klez.h variant is a *new* worm discovered in mid-April this year.

IMPORTANT NOTE:
This email worm is rather insidious about blocking known virus scanning software from working correctly. If you even think you might have this worm, see McAfee's remarks about detection and removal, and the variants:
  http://vil.nai.com/vil/content/v_99455.htm
DETECTION AND REMOVAL IS **NOT** STRAIGHTFORWARD!


-- John

At 19:23 5/9/02, Paul Schings wrote:
As soon as I got wind of this this morning I updated my virus signatures and
scanned everything. I received warnings from agschnozz and tscales saying I
was infected with either W32.Elkern or Klez.E (both worms). My AV software
(CA Unicenters Advanced Antivirus Option) says that both of these should be
detected by the signatures I downloaded, but nothing was found - and no, that
doesn't give me a warm and fuzzy.

If anyone receives anything unusual from me, please let me know.

Paul Schings


< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >
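
Added example, not part of the original post or the list archive: a Python sketch of the header check described in the message above, comparing the domain claimed in "From" with the domain of the host that handed the message to the oldest relay you trust. The sample message, all host names and the `trusted` set are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a forged "From" on mail that really entered via isp.example.
SAMPLE = """\
Received: from lists.example.net (lists.example.net [192.0.2.10])
    by mx.recipient.example (Postfix) with ESMTP; Thu, 09 May 2002 20:01:00 -0500
Received: from smtp.isp.example (smtp.isp.example [198.51.100.5])
    by lists.example.net with ESMTP; Thu, 09 May 2002 20:00:30 -0500
Received: from pc ([203.0.113.7])
    by smtp.isp.example with SMTP; Thu, 09 May 2002 20:00:00 -0500
From: "Alice Example" <alice@example.org>
To: list@lists.example.net
Subject: removal tool

body
"""

HOP = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def base_domain(host):
    # Assumption: naive "last two labels"; real code should use the Public Suffix List.
    return ".".join(host.lower().strip("[]().;").split(".")[-2:])

def hops(msg):
    """(sending_host, receiving_host) per Received header, newest hop first."""
    found = (HOP.search(h) for h in msg.get_all("Received", []))
    return [m.groups() for m in found if m]

def check_origin(raw, trusted):
    """Compare the From domain with the sender seen by the oldest trusted relay."""
    msg = message_from_string(raw)
    claimed = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    origin = None
    for sender, receiver in hops(msg):
        if receiver.lower() not in trusted:
            break  # older lines were written by servers we cannot vouch for
        origin = base_domain(sender)
    return {"claimed": claimed, "origin": origin,
            "mismatch": origin is not None and origin != claimed}

if __name__ == "__main__":
    print(check_origin(SAMPLE, {"mx.recipient.example", "lists.example.net"}))
```

A mismatch is a lead, not proof: mailing lists and forwarding services legitimately relay mail whose "From" domain differs from the relay's, and Received lines older than the last trusted hop can be forged by the sender.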

