homepage Welcome to WebmasterWorld Guest from 54.167.41.199
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
New Marketing Technique?
it looks like spam
lawman




msg:641765
 10:52 am on Aug 13, 2002 (gmt 0)

The past couple of days I've received notices from a couple of places with a message as follows:

This is an automated message from xxxxxxxxx.com

You sent a message that contained potentially
harmful content.

Original message recipient(s):
aaaa@bbbb.com

Scan report:
Virus 'W32/Klez.H@mm' in height.pif

All my computers have been scanned using most recent updates. The email address is not in my address book. Looks like just a new spam technique.

What do you think?

lawman

 

Nick_W




msg:641766
 10:56 am on Aug 13, 2002 (gmt 0)

Without a doubt. sticky me, and lwt's check 'em out ;)

Nick

deejay




msg:641767
 11:03 am on Aug 13, 2002 (gmt 0)

If I remember right, klez is pretty good at masquerading as coming from an address when it's actually come from somewhere else entirely.

The message could be on the level.

deejay




msg:641768
 11:16 am on Aug 13, 2002 (gmt 0)

yep.. here we go. Knew I'd seen this somewhere.

"Important Note: The e-mails sent by Klez.E worm often have faked sender's address. The worm randomly picks sender's address from web pages, ICQ databases or Windows Address Books. This means that if you get Klez.E worm in e-mail, it's quite likely that it was NOT sent to you by the person listed in the 'From' field of e-mail message (sender's address). "

It is likely that the people who sent you the emails believe they have received the virus from you. In fact it's come from somewhere else entirely.

From this page at F-Secure:
www.europe.f-secure.com/v-descs/klez.shtml

In that instance it's actually talking about Klez.E. I find versions of viruses are often somewhat interchangeable though, either because it has been incorrectly identified or because there may be more than one version of a version.

Info on Klez.H here:
www.europe.f-secure.com/v-descs/klez_h.shtml

DaveN




msg:641769
 11:22 am on Aug 13, 2002 (gmt 0)

Lawman,

Trends spin on the klez

Mass-mailing routine
To propagate copies of itself, this worm uses its own SMTP engine to send an email containing its executable program. It has several ways of collecting its spoofed source email address and target email address.

It randomly chooses its target users from the above pool of email addresses and from the email address that appear in the From field of the email.

At present our mail server is catching about 100 an hour. it a real pain try to catch which customer is infected as klez spoofs itself 99% of the time.

DaveN

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved