[ale] Klez virus

Sean Kilpatrick kilpatms at mindspring.com
Mon Mar 31 11:42:03 EST 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am not very good at decyphering header data.
Can anyone tell me where this little goodie
_might_ have come from?
Obviously enough, the attachments have not been
made part of this message.  I say that with
the near certainty that the attachments are,
indeed, the virus.

Sean

PS the "From:" line is obviously spoofed as that
individual wouldn't have a clue about creating
a anti-virus virus.
- ------------------- <copied material follows> -----------------

Status: R 
Return-Path: <dwender1 at comcast.net>
Received: from smtp.comcast.net ([24.153.64.109])
        by wanamaker.mail.atl.earthlink.net (Earthlink Mail Service) with 
SMTP id 18ZTmn77U3Nl3oJ0
        for <kilpatms at mindspring.com>; Mon, 31 Mar 2003 02:05:35 -0500 (EST)
Received: from Zjqulo (c-24-98-68-66.atl.client2.attbi.com [24.98.68.66])
 by mtaout11.icomcast.net
 (iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
 with SMTP id <0HCL00AKJQAD5J at mtaout11.icomcast.net> for
 kilpatms at mindspring.com; Mon, 31 Mar 2003 02:03:52 -0500 (EST)
Date: Mon, 31 Mar 2003 02:03:49 -0500 (EST)
Date-warning: Date header was inserted by mtaout11.icomcast.net
From: rschult <rschult at LearnLink.Emory.Edu>
To: ale at ale.org
Subject: Worm Klez.E immunity
To: kilpatms at mindspring.com
Message-id: <0HCL00AKKQAD5J at mtaout11.icomcast.net>
MIME-version: 1.0
Content-type: multipart/alternative;
  boundary="Boundary_(ID_yI3GAkUX7+ZkfJF9/2Lgew)"
X-Status: N


<HTML><HEAD></HEAD><BODY>

<FONT>Klez.E is the most common world-wide spreading worm.It's very 
dangerous by corrupting your files.<br>
Because of its very smart stealth and anti-anti-virus technic,most common AV 
software can't detect or clean it.<br>
We developed this free immunity tool to defeat the malicious virus.<br>
You only need to run this tool once,and then Klez will never come into your 
PC.<br>
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV 
monitor maybe cry when you run it.<br>
If so,Ignore the warning,and select 'continue'.<br>
If you have any question,please <a 
href=mailto:rschult at LearnLink.Emory.Edu>mail to 
me</a>.</FONT></BODY></HTML>

- ----------------------- <end copied material> ------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+iG/h73hVp4UeGJERAv/VAKDHCkYVt2S+Mbg7C81pxtSUGPSOUwCeO7RZ
Tod/k9S90/2v4uNvNs2KbLg=
=6PJY
-----END PGP SIGNATURE-----

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list