Identity theft
Kevin Houle
kevin at houle.org
Thu Sep 12 19:08:40 EDT 2002
Carter Bullard wrote:
> Hey Yotam and the list,
> Please accept my apologies. It seems that I got hit
> by a new variant of an old virus. New virus definitions
> loaded, hope that's sufficient.
W32/Klez sets the From and To headers based on information
it finds on the infected computer. The From header is *not*
that of a user account on the infected computer.
Received: from Edspnwzqf (PCV-J20-Series.scn3.canet.ne.jp [61.198.135.58])
by po5.canet.ne.jp (8.10.2/8.10.2) with SMTP id g8CBaOn32725
There is the infected computer. It may have been used to view
a webpage containing both your email address and the email
address of the list.
Still good that you updated your signatures, tho ;-)
Kevin
More information about the argus
mailing list