[ale] Email Tracking

Kevin Krumwiede krum at smyrnacable.net
Thu May 2 13:28:20 EDT 2002 

Klez is known to generate fake bounce messages.  The victim opens the
attachment to see if it's important enough to resend, and bam...

Krum

On Thu, 2002-05-02 at 09:59, Kevin O'Neill Stoll wrote:
> Hey all,
> 
> I received a weird email just yesterday. The email shows as though I had
> personally sent it but that I got the address wrong. Needless to say I
> know that I didn't send it. The email had a few attachments with it one of
> which had a file that contained a virus. Specifically, W32.Klez.gen at mm. 
> 
> I'm afraid that my home Win98 mahcine has this virus on it but this email
> is the first sign of it that I have. Anyway, looking for feedback as to
> how, who or what send this email on "my behalf". If it is the virus,
> Symantec
> (http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html)
> has some instructions as to how to take care of it.
> 
> 
> Thanks for the feedback in advance :)
> 
> I have included the full email headers below:
> host4.hostaurl.com is my siteturn.com hosting server
> kstoll at localhost should be my Linux box acting as router and masq for my
> DSL service.
> 
> 
> X-Apparently-To: kevinostoll at yahoo.com via web12606.mail.yahoo.com; 01 May
> 2002 13:15:11 -0700 (PDT) 
>  
> Return-Path: <kstoll at host4.hostaurl.com> 
>  
> Received: from host4.hostaurl.com (209.239.36.17) by mta461.mail.yahoo.com
> with SMTP; 01 May 2002 13:15:10 -0700 (PDT) 
>  
> Received: (from kstoll at localhost) by host4.hostaurl.com (8.10.2/8.10.2) id
> g41KF8S00473 for kevinostoll at yahoo.com; Wed, 1 May 2002 16:15:08 -0400 
>  
> Received: from mx04.gvl.sys.nuvox.net (mx04.gvl.sys.nuvox.net
> [64.89.70.86]) by host4.hostaurl.com (8.10.2/8.10.2) with ESMTP id
> g41KF5D00455 for <kevin_stoll at kevinstoll.org>; Wed, 1 May 2002 16:15:05
> -0400 
>  
> Received: from Udwbd (216.215.247.48.nw.nuvox.net [216.215.247.48]) by
> mx04.gvl.sys.nuvox.net (8.11.4/8.11.4) with SMTP id g41KDxK24955 for
> <kevin_stoll at kevinstoll.org>; Wed, 1 May 2002 16:14:00 -0400 
>  
> Date: Wed, 1 May 2002 16:14:00 -0400 
>  
> Message-Id: <200205012014.g41KDxK24955 at mx04.gvl.sys.nuvox.net> 
>  
> From: "postmaster" <postmaster at kevinstoll.org> | Block Address  | Add to
> Address Book 
>  
> To: kevin_stoll at kevinstoll.org 
>  
> Subject: Undeliverable mail--"the Garden of Eden" 
>  
> MIME-Version: 1.0 
>  
> Content-Type: multipart/alternative; boundary=DjPdv8p6t1KR629OI 
>  
> Content-Length: 63000
> 
> The following mail can't be sent to di_rich_stone at compuserve.com:
> 
> From: kevin_stoll at kevinstoll.org
> To: di_rich_stone at compuserve.com
> Subject: the Garden of Eden
> The file is the original mail 
> 
> 
> =====
> ================================
> Kevin O'Neill Stoll
> http://kevinstoll.org/
> 
> OpenSource Software ... FREE!
> Angering Bill Gates ... Priceless!
> ================================
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Health - your guide to health and wellness
> http://health.yahoo.com
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list