Klez virus originator

Status
Not open for further replies.

petermeachem

Programmer
Aug 26, 2000
2,270
GB
I am being plagued by people sending me the Klez virus. It is being picked up by Nortons OK, but is annoying me. Does anyone know any way of finding the originator? I tried some email tracker software that purported to do this, but it failed to find any info either on the headers from the Klez message or any other email.

Peter Meachem
peter@accuflight.com

Support Joanna's Bikeathon
 
Someone in your address book or someone with your email address may be infected and not know it. Send everyone in it an email asking them to run a virus scan and see if they're infected. You can include this link for an online scanner if they have no av program:

 
This part, 'someone with your email address', is the problem. I've been sent viruses in the past from people I've never heard of and have no idea why they should have my email address. Also the innocent sometimes get offended if you ask that sort of question. Can I track back using the headers, or does it become anonymous fairly quickly?

Peter Meachem
peter@accuflight.com

Support Joanna's Bikeathon
 
You can look at the headers to see who actually sent the virus. More often than not, it's not going to be the person in the SENDER information. I've received this before and was able to trace where the email actually came from.

Hope this helps.

AVChap
 
Email headers vary quite a lot.

This is the header of one of the virii. No Sender field. Vpop is my mail distribution prog.

Received: from 127.0.0.1 by nt4work (VPOP3) with POP3; Mon, 13 May 2002 15:31:10 +0100
X-NAV-TimeoutProtection0: X
X-NAV-TimeoutProtection1: X
X-NAV-TimeoutProtection2: X
X-NAV-TimeoutProtection3: X
X-NAV-TimeoutProtection4: X
X-NAV-TimeoutProtection5: X
X-NAV-TimeoutProtection6: X
X-NAV-TimeoutProtection7: X
X-NAV-TimeoutProtection8: X
X-NAV-TimeoutProtection9: X
X-NAV-TimeoutProtection10: X
Received: from smtp.tninet.se (lennier.tninet.se [195.100.94.105])
    by linux1429.easyspace.com (8.9.3/8.9.3) with ESMTP id OAA06381
    for <annie@lifecoaching.org>; Mon, 13 May 2002 14:22:02 GMT
Date: Mon, 13 May 2002 14:22:02 GMT
Message-Id: <200205131422.OAA06381@linux1429.easyspace.com>
Received: from Aujdjyfq (sdu102-237.ppp.algonet.se [195.163.237.102])
    by lennier.tninet.se (BMR ErlangTM/OTP 3.0) with ESMTP
    id 266352.299817.1021.1s32969850lennier for <annie@lifecoaching.org>
    ; Mon, 13 May 2002 16:23:37 +0200

Peter Meachem
peter@accuflight.com

Support Joanna's Bikeathon
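
An added example, not part of the original thread: a Python sketch that walks the Received lines of the header posted above from oldest to newest and reports the address the first relay recorded for the submitting machine. The function names are hypothetical, the X-NAV lines are left out, and it assumes the relays named in the header are honest; a Received line below the first relay you trust can be forged, and the HELO name is chosen by the sending client.

```python
import ipaddress
import re
from email import message_from_string

# Header copied from the post above (X-NAV lines omitted, folding restored).
RAW = """\
Received: from 127.0.0.1 by nt4work (VPOP3) with POP3; Mon, 13 May 2002 15:31:10 +0100
Received: from smtp.tninet.se (lennier.tninet.se [195.100.94.105])
\tby linux1429.easyspace.com (8.9.3/8.9.3) with ESMTP id OAA06381
\tfor <annie@lifecoaching.org>; Mon, 13 May 2002 14:22:02 GMT
Date: Mon, 13 May 2002 14:22:02 GMT
Message-Id: <200205131422.OAA06381@linux1429.easyspace.com>
Received: from Aujdjyfq (sdu102-237.ppp.algonet.se [195.163.237.102])
\tby lennier.tninet.se (BMR ErlangTM/OTP 3.0) with ESMTP
\tid 266352.299817.1021.1s32969850lennier for <annie@lifecoaching.org>
\t; Mon, 13 May 2002 16:23:37 +0200

"""

# "from <HELO> (<reverse DNS> [<IP>]) by <receiving host>"; the bracketed
# part is written by the receiving server and is absent on the local fetch.
HOP = re.compile(r"from\s+(?P<helo>\S+)"
                 r"(?:\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\))?"
                 r"\s+by\s+(?P<by>\S+)")

def received_hops(raw):
    """Return hops oldest-first; each relay prepends its own Received line."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def trace(raw):
    """Return (oldest public hop, whether each relay reappears as next sender)."""
    hops = [h for h in received_hops(raw)
            if h["ip"] and ipaddress.ip_address(h["ip"]).is_global]
    linked = all(a["by"] in (b["rdns"], b["helo"])
                 for a, b in zip(hops, hops[1:]))
    return hops[0], linked

if __name__ == "__main__":
    origin, linked = trace(RAW)
    print(origin["ip"], origin["rdns"], "HELO:", origin["helo"], "linked:", linked)
```

The reported address belongs to the ISP's dial-up pool, so the ISP's abuse contact, together with the timestamp on that Received line, is the practical route to the infected machine.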
 
There is a possibility that my problem has gone away. I read that Klez sets a pile of files to zero length on the 13th May. And I haven't had a virus for quite a while.
Actually it seems a silly thing for a virus to do because it will kill itself in the process. I expect that whoever gets to fix these computers would reinstall, or at least remove the virus. Fingers crossed.

Peter Meachem
peter@accuflight.com

Support Joanna's Bikeathon
 