Identity theft

Kevin Houle kevin at
Thu Sep 12 19:08:40 EDT 2002

Carter Bullard wrote:
> Hey Yotam and the list,
>    Please accept my apologies.  It seems that I got hit
> by a new variant of an old virus.  New virus definitions
> loaded, hope that's sufficient.

W32/Klez sets the From and To headers based on information
it finds on the infected computer. The From header is *not*
that of a user account on the infected computer.

Received: from Edspnwzqf ( [])
	by (8.10.2/8.10.2) with SMTP id g8CBaOn32725

There is the infected computer. It may have been used to view
a webpage containing both your email address and the email
address of the list.

Still good that you updated your signatures, tho ;-)


More information about the argus mailing list