These are results of a variant of the Klez virus, W32.Klez.gen@mm. It is a mass-mailing worm that searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages. A cleanup procedure/fix and a more complete and thorough explaination can be found at http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@...
Best regards,
Nik
All American Products <miket@...> wrote: I received a few of these messages myself on around May the ninth.
I use At&T WorldNet service and our website is located on ISP site. I have no idea how they got our e-mail address.
Mike Tonoyan / All American Products Co.
miket@...
Best regards,
Nik
All American Products <miket@...> wrote: I received a few of these messages myself on around May the ninth.
I use At&T WorldNet service and our website is located on ISP site. I have no idea how they got our e-mail address.
Mike Tonoyan / All American Products Co.
miket@...
----- Original Message -----
From: "Todd Caughey" <caugheyt@...>
To: <vantage@yahoogroups.com>
Sent: Friday, May 31, 2002 1:13 PM
Subject: [Vantage] [OT] Strange Spam
> I just just the strangest spam I've (yet) seen. Wondering if maybe an
> expert here could explain.
>
> Received a message from our Exchange server stating that a message I had
> sent could not be delivered. Funny thing was I had not sent any. Nothing
> in my "sent items" folder for it either. It was addressed to
> <mailto:Webmaster@...> Webmaster@... which is not
> even an account here (hence the failed delivery). While checking it out I
> received another email with same subject (You're Paying too Much) from
> myself (huh!) in my Junk Email folder. This one lists me as the sender and
> Postmaster@... <mailto:Postmaster@...> (didn't know
> I had this name set up). The Internet headers indicate a spam outfit in
> Australia ( aasw.asn.au by OR214O5V.aasw.asn.au ) but who knows where it
> really originated.
>
> Sort of curious how they could make it look like I sent the message to the
> Postmaster account. Enough so that when the Webmaster version failed
> delivery our Exchange server really thought it had been sent from here and
> notified me. I have SMTP relay turned off and we are behind a firewall.
> Also the one that got through had the purple "S" script icon in the corner.
> I'm hoping that by previewing it I did not activate something. I have
> scripting set to always prompt and I saw no prompt when I opened preview the
> message so I don't think anything ran.
>
> But this is by far the weirdest email I've seen.
>
> -Todd Caughey
> Harvey Vogel Mfg. Co.
>
>
> [Non-text portions of this message have been removed]
>
>
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have already linked your email address to a yahoo id to
enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto: http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto: http://groups.yahoo.com/group/vantage/links
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
Yahoo! Groups SponsorADVERTISEMENT
Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must have already linked your email address to a yahoo id to enable access. )
(1) To access the Files Section of our Yahoo!Group for Report Builder and Crystal Reports and other 'goodies', please goto: http://groups.yahoo.com/group/vantage/files/.
(2) To search through old msg's goto: http://groups.yahoo.com/group/vantage/messages
(3) To view links to Vendors that provide Vantage services goto: http://groups.yahoo.com/group/vantage/links
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
---------------------------------
Do You Yahoo!?
Sign-up for Video Highlights of 2002 FIFA World Cup
[Non-text portions of this message have been removed]