Klez32 virus

Getting bombarded

         

pmac

9:03 pm on Jul 25, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This nasty little bugger has been showing up in my inbox a half dozen times a day for the last couple of months. Anyone else?

richlowe

9:06 pm on Jul 25, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Several hundred times a day at work (for our corporation) and a dozen times a day at home.

Virus scanners all working perfectly though.

Richard Lowe

smokin

9:11 pm on Jul 25, 2002 (gmt 0)

10+ Year Member



I've also been getting them for the past month... very annoying.

Jane_Doe

9:23 pm on Jul 25, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



A friend's computer was infected so Klez got my email address from her address book. My PC's never been infected, but now the worm is spoofing my email address all over the net. I keep getting messages back from virus software that an email I sent was infected, even though I never really sent the emails.

rogerd

9:23 pm on Jul 25, 2002 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



This virus is unusually persistent. It seems like they usually decay exponentially after a week or two. Klez seems to keep going at a more or less even pace.

richlowe

9:30 pm on Jul 25, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Klez spoofs the From address on an email, so it might appear someone is infected when they really are not. For example, if Tom received a message from Jeff, then sent a message to Bob, who got infected with Klez, Bob's machine might send an email to Tom which said it was from Jeff, even though Jeff's machine is not infected.

Thus sending an email to the From address is really kind of useless.

Richard Lowe

bobriggs

10:15 pm on Jul 25, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I've been getting them and removing them with mailwasher.

The originating mail address is in the Return-Path field. Don't know why this wasn't spoofed.

Axacta

10:59 pm on Jul 25, 2002 (gmt 0)

10+ Year Member



Watch out for an anti-Klez scam spam. It tells you that it will load a fake Klez virus on your machine that fools the real virus into not activating. This is a scam. It is the real virus! It offers e-mail help, and comes across as very professional and authentic. Only download from Norton or other known antivirus sites. These guys are sneaky!

Crazy_Fool

12:33 pm on Jul 26, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>>The originating mail address is in the Return-Path field. Don't know why this wasn't spoofed

of the last 100 or so klez mails i've received, only 3 have a return path shown in the headers. maybe different versions of klez do different things?

i was getting bombarded with about 100 a day at one point - the headers showed that most were coming from someone using a particular ISP. i don't normally email people with virus warnings, but in this case i sent out emails to half a dozen people i knew using that ISP - i included links to the klez info on symantec.com and a copy of the klez removal tool - within a couple of days, i was down to just a handful of klez mails per day.
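The header checks discussed in the posts above, as an added example that is not part of the thread or any poster's code: it compares the spoofable From with Return-Path (when present) and tallies the connecting host recorded in the topmost Received line. The sample messages, the function names and the Postfix-style `(host [ip])` Received layout are assumptions made for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

def _msg(frm, rpath, host, ip):
    """Build a constructed sample message (not real traffic, reserved example names)."""
    lines = [f"Received: from unknown ({host} [{ip}]) by mx.example.org with SMTP",
             f"From: {frm}", "To: me@example.org", "Subject: constructed sample", "", "body"]
    if rpath:
        lines.insert(0, f"Return-Path: <{rpath}>")
    return "\n".join(lines)

SAMPLES = [
    _msg("jeff@example.com", "bob@isp-a.example", "dial-7.isp-a.example", "192.0.2.7"),
    _msg("jane@example.net", "", "dial-9.isp-a.example", "192.0.2.9"),  # no Return-Path
    _msg("tom@example.org", "tom@example.org", "mail.isp-b.example", "198.51.100.3"),
]

RELAY_RE = re.compile(r"\(([\w.-]+)\s+\[([\d.]+)\]\)")  # "(host [ip])" in a Received line

def origin_clues(raw):
    """Extract the header fields that help locate the real sending host."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Each hop prepends its Received line, so the first one was written by the
    # receiving server itself; lower lines and From are under the sender's control.
    received = msg.get_all("Received", [])
    m = RELAY_RE.search(received[0]) if received else None
    host, ip = (m.group(1).lower(), m.group(2)) if m else ("", "")
    return {"from": from_addr, "return_path": return_path,
            "mismatch": bool(return_path) and return_path != from_addr,
            "relay_host": host, "relay_ip": ip}

def tally_by_network(raws):
    """Count messages per connecting network (naive: last two labels of the host name)."""
    counts = Counter()
    for raw in raws:
        host = origin_clues(raw)["relay_host"]
        counts[".".join(host.split(".")[-2:]) if host else "unknown"] += 1
    return counts

if __name__ == "__main__":
    for raw in SAMPLES:
        print(origin_clues(raw))
    print(tally_by_network(SAMPLES).most_common())
```

A network that dominates the tally is a better lead for a report to that provider's abuse desk than any address in From.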

Visit Thailand

12:03 pm on Jul 28, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Klez is very clever and can send out the email not only to but also from any email address so it is impossible to tell people their comps are infected etc.

bigjohnt

12:24 am on Jul 29, 2002 (gmt 0)

10+ Year Member



VT is right. It can and does spoof. The address it appears to come from is usually unaware that it is infected. I get about a half dozen a week. I did not know that many people had my address in their books.
Norton has been doing a great job catching them. I THINK!

Robert Charlton

6:06 am on Jul 29, 2002 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



>>The address it appears to come from is usually unaware that it is infected. I get about a half dozen a week. I did not know that many people had my address in their books.<<

Note that with spoofing, the "address it appears to come from" may in fact not be that of an infected computer... and the address doesn't have to be in anybody's address book. It simply needs to be somewhere on the infected computer.

From the Symantec Anti-Virus Center [symantec.com]:

This worm often uses a technique known as "spoofing." When it performs its email routine, it can use a randomly chosen address that it finds on an infected computer as the "From:" address. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else.

doc

6:17 am on Jul 29, 2002 (gmt 0)

10+ Year Member



My Yahoo mail account is still being hit daily, while my home computer hits have dropped way off. I thought Yahoo mail was safer, as they say they screen for viruses; guess not if it's not an attachment.

angiolo

6:30 am on Jul 29, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It is a very skilled virus. I receive it every other week: some days several infected files. It seems to me cyclic.
Using Eudora and McAfee, no problem.