Klez

Original Message
Name: Greg
Date: May 30, 2002 at 04:33:55 Pacific
Subject: Klez
Comment:

Hi

If you receive email that contains the Klez virus, does that mean someone I know (who has my email) has got it? Even though it's got a fake address?

thanks
Greg




Response Number 1
Name: Danny Larouche
Date: May 30, 2002 at 06:54:20 Pacific
Reply:

Yes, the virus uses the address book. The "faked" from address is the one of the person who infected the sender.



Response Number 2
Name: Brent
Date: May 30, 2002 at 07:45:25 Pacific
Reply:

Sorry Danny, that isn't right. The Klez virus picks an address at random from the infected computer and uses that as the From address. See Symantec's write-up for complete information:

Symantec's Klez.H write-up

The only way to see where the virus really came from is to look in the header information, it will show the true sender.



Response Number 3
Name: Brent
Date: May 30, 2002 at 07:56:39 Pacific
Reply:

Greg- Sorry, I should have given a response to your question as well. It's quite possible that the person you got Klez from is not someone you know at all. I'll tell you my personal story:

About a week ago I started getting several infected e-mails every day, all with different From addresses. I looked in the header on one and found out it was someone I know who I used to work with. She lives nearby, so I went over and disinfected her PC. The next day I got a few more, but this time they were from someone I didn't know. It turns out that this person's address was in the address book of my ex-coworker whose machine I cleaned. I have no idea who he is, and he doesn't know me, but somehow a chain was created by Klez, linking us together. Since then I have received a few more, from someone I don't know. I assume this person is in the address book of the last guy, so the chain keeps growing.

So I guess my answer is, you might know the person who sent it to you, but you may not.



Response Number 4
Name: Rajan Urs
Date: May 30, 2002 at 07:59:06 Pacific
Reply:

Delete all the addresses in the OE address book. Yes, it will be a little inconvenient, but you will help to stop the spreading of the virus.

I have been hit several times and it has even ruined McAfee and eScan programs.




Response Number 5
Name: Brent
Date: May 30, 2002 at 08:41:28 Pacific
Reply:

Or, here's an idea: Don't infect yourself! By deleting your own address book you're basically saying "I expect to be infected sometime in the future, so I'll delete my own addresses so that I don't spread the virus when I do become infected." Diligent antivirus updating and a little common sense are the best ways to stop a virus!




Response Number 6
Name: Phylis Sophical
Date: May 31, 2002 at 01:44:14 Pacific
Reply:

Brent, I have a question.

If I right click on the header, is the address I see there where it is really coming from?

Q.2 Say in the case of your co-worker. Would the infected emails that were sent to you show up in her 'Sent' folder? Either showing the attachment or not.



Response Number 7
Name: Greg
Date: May 31, 2002 at 03:32:53 Pacific
Reply:

hi

Thanks for all your replies, but 2 more questions:

1) What's a header?
2) Where is this header and how do I find it in Hotmail?

thanks
Greg



Response Number 8
Name: Phylis Sophical
Date: May 31, 2002 at 09:44:15 Pacific
Reply:

An email consists of two parts, the header and the body of the message.

The header is the short line, or 'heading' that you first see with just who the email is from, the subject and in Outlook Express, the size of the file.

Hotmail is automatically scanned for viruses. We are speaking mainly here of Microsoft's Outlook Express. In some senses, it's not 'real' email, it's 'webmail'. It's on the web server, not on your machine. Unless you click on an attachment that is.

When you *right* click on the header and choose Properties, that's where you see the information Brent is talking about. You don't see this info in Hotmail headers.



Response Number 9
Name: Phylis Sophical
Date: May 31, 2002 at 11:38:53 Pacific
Reply:

To make things a bit clearer, it's Hotmail that's actually 'web' mail.

Outlook Express is email.



Response Number 10
Name: Brent
Date: May 31, 2002 at 20:28:33 Pacific
Reply:

Hi, been a busy day here, first chance I've had to check this board! Here are some answers/clarifications:

1) The header is much more than just the From, To, and Subject fields. The header is usually several lines long, and contains all the routing information between the sender and recipient, i.e. all the servers the message passed through. The header also tells who the true sender is. To view the header in Hotmail, go to Options->Mail Display Settings, and click the Full radio button under Message Headers. This will display the full header information for every message you've received. Look for the line that says Return-Path: that is the true sender. To do this in Outlook Express, highlight the e-mail and click on File->Properties->Details. Again, look for Return-Path to see who the real sender is.

2) The Klez virus contains its own engine for sending e-mail. Therefore, you will not see anything in your Sent Items.

Hope that helps!

Brent
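
Added example, not part of Brent's post or the original thread: a Python version of the header check described above, run on a constructed message in which every host, IP and address is made up. It compares the visible From address with Return-Path and lists the Received hops oldest first.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, IP and address below is made up.
SAMPLE = """\
Return-Path: <infected.user@isp.example>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
    by mailstore.recipient.example with ESMTP; Thu, 30 May 2002 04:30:02 -0700
Received: from pc-of-infected-user (dialup-17.isp.example [198.51.100.17])
    by mx.recipient.example with SMTP; Thu, 30 May 2002 04:30:00 -0700
From: "Some Friend" <friend@other.example>
To: greg@recipient.example
Subject: A very funny game

(body omitted)
"""


def analyze_headers(raw):
    """Compare From with Return-Path and list Received hops, oldest first."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    # Return-Path is written at final delivery from the SMTP envelope sender.
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Each server prepends its Received line, so the last one is the oldest.
    # Lines added before your own provider's servers can be forged.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[0]) if hops else None
    return {
        "from": from_addr,
        "return_path": return_path,
        "mismatch": bool(return_path) and from_addr != return_path,
        "hops": hops,
        "first_hop_ip": ip.group(1) if ip else None,
    }


if __name__ == "__main__":
    report = analyze_headers(SAMPLE)
    print("From:        ", report["from"])
    print("Return-Path: ", report["return_path"])
    print("Mismatch:    ", report["mismatch"])
    for n, hop in enumerate(report["hops"], 1):
        print(f"Hop {n}: {hop}")
```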



Response Number 11
Name: Phylis Sophical
Date: June 1, 2002 at 00:43:02 Pacific
Reply:

Well that tricky Klez eh?

Thanks Brent, I never knew you could see the header info in Hotmail. Something new every day!



Response Number 12
Name: Danny
Date: June 2, 2002 at 16:50:58 Pacific
Reply:

Hi,

I keep getting emails coming back to me that I'm supposed to have sent. They have congratulations in the title or here is a game I wrote. They have attachments like height.scr or install.exe.

The emails are sent back to me by the recipient's ISP saying a security measure is not to accept exe or scr etc.

Now, I haven't sent these, I use a non html based non-outlook email client.

I have virus checked and all is ok. Does this mean that someone's PC I have emailed at some time has got the Klez virus and is picking my address out to send emails to other people in that address book?

Therefore it won't stop until the person cleans their machine?

Thanks in advance.



Response Number 13
Name: Brent
Date: June 2, 2002 at 17:55:07 Pacific
Reply:

Danny- Yes, that is probably what is happening. Are you able to see the full headers on the e-mails, so you can see who is generating the messages? If not, I suggest contacting everyone who might have your address in their address book and suggest they update their virus protection.



Response Number 14
Name: Greg
Date: June 2, 2002 at 21:03:22 Pacific
Reply:

hi

Won't this mean I have to open the email?
And if I did that, would I get the Klez virus?
Thanks

Greg



Response Number 15
Name: Danny
Date: June 3, 2002 at 02:35:00 Pacific
Reply:

The only things I can see in the header are my email address, the Mailer-Daemon@mailcore.pol.net.uk address which has rejected it because it has an scr attachment and the recipient address.



Response Number 16
Name: Brent
Date: June 3, 2002 at 13:07:44 Pacific
Reply:

Greg- It is safe to open the e-mail, just don't open any of the attachments. That is how you get infected with Klez.

Danny- Not sure what to tell you. Unless you get an e-mail directly from whoever it is that is infected, you may never know who it is.



Response Number 17
Name: Danny
Date: June 3, 2002 at 13:49:53 Pacific
Reply:

Brent - thanks

So far I've had three over the last week. All have been returned by the ISP before getting to the recipients.

Thanks for the advice and info though.



Response Number 18
Name: Greg
Date: June 4, 2002 at 01:32:37 Pacific
Reply:

Thanks Brent !

Greg



Response Number 19
Name: Chaz Lambrusco
Date: July 16, 2002 at 10:00:40 Pacific
Reply:

>Greg- It is safe to open the e-mail, just
>don't open any of the attachments. That is
>how you get infected with Klez.

Wrong! Klez exploits a bug in Microsoft
Outlook. If you do not have Microsoft
Outlook updated, just reading the message
will infect your computer.

-Chaz



Response Number 20
Name: Steve
Date: July 23, 2002 at 06:41:20 Pacific
Reply:

Is it possible to contact the organisation responsible for mailcore.pol.net.uk, or is it a fictitious address? One of our addresses is receiving between 5 & 25 infected e-mails each day. Fortunately the anti-virus on our server is kicking it out every time but I would like to be able to block the incoming messages - any ideas?







