
Klez originator

Status
Not open for further replies.

petermeachem

Programmer
Aug 26, 2000
2,270
GB
I'm still trying to find out how to trace back the originator of a Klez virus.

My best attempt so far is to email all the From addresses, explain the situation and ask if they know anyone else on the from list. To date I have had one reply. The person said they used Nav, so they were ok. Doh. The others have not replied, I suspect they thought I was sending them a virus.

Any help appreciated. This is getting on my nerves.

Peter Meachem
peter@accuflight.com

Support Joanna's Bikeathon
 
Klez tends to spoof the From e-mail. If you right-click the e-mail, go to properties, then click the details tab (at least of Outlook Express) you should get some info about the e-mail. Somewhere in there are some lines that should say "Received: from." Somewhere on these lines is an IP address. This should give a clue to where they come from. I use a program called Sam Spade that can track back who owns that IP. If you are really lucky, you might be able to glean the real address on one of the other lines.

James P. Cottingham

I am the Unknown lead by the Unknowing.
I have done so much with so little
for so long that I am now qualified
to do anything with nothing.
 
James, thanks for the link. Some pretty cool tools there.

Terry
**************************
* General Disclaimer - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...
 
You may be out of luck, then. :-(

James P. Cottingham

I am the Unknown lead by the Unknowing.
I have done so much with so little
for so long that I am now qualified
to do anything with nothing.
 
Re: the Outlook Express bit to find the true sender, if you click properties and look at the message source there is a 'Return-path'. On all the Klez emails I've been getting this has had the same email address (although a different From address on each). I've since written to the ISP owning this email address and they have said they'd contact the owner and either get him to stop or remove his permission to the network via their ISP. Maybe you could try the same.

DukeSc
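
The two checks described in the replies above (the IP on the "Received: from" lines and the 'Return-path' that stays the same while the From address changes), as an added example that is not part of any poster's message. The sample messages, the `TRUSTED_MX` hostname, the example domains and the documentation-range IPs are all constructed assumptions.

```python
import email
import re
from collections import defaultdict
from email.utils import parseaddr

TRUSTED_MX = "mx.mine.example"  # assumption: hostname of your own receiving server
PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def make(ret, frm, ip):
    # Constructed sample message: example domains, documentation-range IPs.
    return (f"Return-Path: <{ret}>\n"
            f"Received: from Wxyz (dialup.isp.example [{ip}])\n"
            f"\tby {TRUSTED_MX}; Fri, 24 May 2002 07:08:59 +0100\n"
            "Received: from forged.example ([10.9.9.9]) by relay.forged.example\n"
            f"From: {frm}\nSubject: sample\n\nbody\n")

SAMPLES = [make("user@isp.example", "alice@one.example", "203.0.113.7"),
           make("user@isp.example", "bob@two.example", "203.0.113.7"),
           make("other@net.example", "carol@three.example", "198.51.100.20")]

def peer_ip(msg, trusted=TRUSTED_MX):
    """IP of the host that connected to our own server.

    Only the Received header written by a server we control is reliable;
    anything below it was supplied by the sender and may be forged.
    """
    for hdr in msg.get_all("Received", []):
        by = BY_RE.search(hdr)
        if by and by.group(1).lower() == trusted:
            ips = PEER_RE.findall(hdr)
            return ips[0] if ips else None
    return None

def group_by_return_path(raw_messages):
    """Map each Return-Path to the From addresses and peer IPs seen with it."""
    groups = defaultdict(lambda: {"from": set(), "ips": set()})
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        ret = parseaddr(msg.get("Return-Path", ""))[1].lower() or "(none)"
        groups[ret]["from"].add(parseaddr(msg.get("From", ""))[1].lower())
        ip = peer_ip(msg)
        if ip:
            groups[ret]["ips"].add(ip)
    return dict(groups)

if __name__ == "__main__":
    for ret, seen in group_by_return_path(SAMPLES).items():
        print(ret, sorted(seen["from"]), sorted(seen["ips"]))
```

A Return-Path that recurs across many different From addresses, together with the peer IP recorded by your own server, is the pair of facts worth putting in a report to the owning ISP.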
 
Complete and utter silence from Telia. Not even the courtesy of an auto reply.

I think this is amazing. This is the text of one of my (48) Klez virii that I have received so far.
Damned cheek.

From: chep
To:
Sent: Friday, May 24, 2002 7:08 AM
Subject: W32.Klez.E removal tools


Symantec give you the W32.Klez.E removal tools
W32.Klez.E is a dangerous virus that spread through email.

For more information,please visit
Peter Meachem
peter@accuflight.com

Support Joanna's Bikeathon
 