Klez Stole Email Address! 1

[LadySlinger]

I found out from one of our other offices that Klez stole an employee's email address and is now using it as a false return address and now the user gets Anti Virus programs emailing him back saying that his computer is infected.

He has already run the removal tool from both Symantec and McAfee. I am suggesting to him Spyware. Anyone else have suggesions?

Thanks!
LS

 

[wbg34]

Because of the way klez works (it takes an e-mail address that is stored on the infected computer and masquerades it's e-mail as if being from that host) chances are that the employee never was infected. The steps that they have taken should prove that, but they will continue to get flames from av mail scanners until the source of the infection is found and cleaned. This is easy if you have access to any headers from an infected e-mail that was sent. Once you can look at an e-mail header the infected senders real address will be listed in the return path statement. I.E.
Return-Path: <noavinstalled@infected.com>

Notify that person and once they have been cleaned the av spam should stop.

 

[LadySlinger]

THanks WBG34!