RE: [802SEC] Virus alert
Yes, I got six different variants each with a different source addresses
that we're stripped by our Boeing virus scanners.
They all appear to be derivatives of the W32.Klez.H@mm virus which is
making the rounds right now. Make sure your
Anti-Virus defs are up to date because this one is new since April 17, 2002.
It has random subjects and random
attachment names so it can be tricky to spot and is tough to remove if you
get hit. For more info, check out:
Dr. Everett O. (Buzz) Rigsbee
PO Box 3707, M/S: 7M-FM
Seattle, WA 98124-2207
Ph: (425) 865-2443
Fx: (425) 865-6721
From: email@example.com [mailto:firstname.lastname@example.org]
Sent: Friday, April 19, 2002 1:46 PM
Subject: [802SEC] Virus alert
Someone is apparently sending out viruses to people they pick off reflectors
with fake sender addresses so they look like they came from someone on the
A member of the Exec has received one that had my name in the from field but
looking at the header it appears to actually have originated from Eexegxp
(niovi.eng.auth.gr [188.8.131.52]. Some of the IETF reflectors have been
experiencing the same kind of attack.