PDA

View Full Version : Computer Virus


Please visit our sponsor:
 

AikiWeb Sponsored Links - Place your Aikido link here for only $10!


Steven
09-06-2002, 09:14 AM
Hi Jun,

I think your computer may be infected. I received an email from what looks like your account that is most definitely bogus. Here is the hearder information.

===
Return-Path: <stasikr@owl.au.poznan.pl>
Received: from owl.au.poznan.pl ([150.254.175.2])
by rsvlterm.rsvlonline.net (Post.Office MTA v3.5.3 release 223
ID# 0-67799U3500L350S0V35) with ESMTP id net
for <aysdojo@seikeikan.com>; Fri, 6 Sep 2002 03:48:33 -0700
Received: from Mbulzul (wmiispc205.au.poznan.pl [150.254.197.205])
by owl.au.poznan.pl (8.9.3+Sun/8.12.5) with SMTP id MAA01675
for <aysdojo@seikeikan.com>; Fri, 6 Sep 2002 12:55:20 +0200 (CEST)
Date: Fri, 6 Sep 2002 12:55:20 +0200 (CEST)
Message-Id: <200209061055.MAA01675@owl.au.poznan.pl>
From: akiy <akiy@aikiweb.com>
To: aysdojo@seikeikan.com
Subject: Worm Klez.E immunity
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=I2n852BUr58o28I13zW611ns68l7625Xz6k
===

This domain that ends in ".pl" is a real pain in the butt. I get more crap from it then any other.

Kind Regards ...

akiy
09-06-2002, 09:54 AM
I don't see how the "Klez" virus could be affecting my e-mail as I'm not running the Windows operating system! The Klez virus is a bit tricky in that it affects User A's computer and looks into User A's addressbook to takes two addresses. It then uses one of the addresses as the "to:" field (in this case, "aysdojo@seikeikan.com" and the other as the "from:" field (in this case, "akiy@aikiweb.com") and then sends the virus off.

So in other words, my server had nothing to do with the virus. You can see in the header, as you mention, that the virus came from a .pl server -- most likely from <stasikr@owl.au.poznan.pl>. You probably want to contact this person instead.

Hope that helps,

-- Jun

Steven
09-06-2002, 01:12 PM
Hi Jun,

I seem to get a lot of junk mail from the domain "PL". I figured it was something like this but thought it wouldn't hurt to let you know.

My system is clean as both my personal and corporate virsus scans and firewalls keep us pretty safe. But just in case, I did run my system through the ringer this morning to make sure.

Cheers ...

akiy
09-06-2002, 01:19 PM
.pl is the top level domain code for Poland (just like the US's is .us, Japan's is .jp, and Germany's is .de)...

Here's a listing of all of the top level domain codes:

http://www.norid.no/domenenavnbaser/domreg.html

-- Jun

mj
09-06-2002, 01:33 PM
Goddamned klez is everywhere just now. Seems harmless so far...but it's the point that it can spread so easily.

DaveO
09-06-2002, 02:34 PM
What's Klez?

Steven
09-06-2002, 06:13 PM
What's Klez?
It is the name of a computer virus. You can read all about it at http://www.symantec.com.

Jun - Thanks for the link. My ISP is now blocking all e-mail from the .PL domain. Hope nobody from that domain needs to reach me, cause it "ain't gonna happen"

Regards ...