This is an automated message from xxxxxxxxx.com
You sent a message that contained potentially
harmful content.
Original message recipient(s):
aaaa@bbbb.com
Scan report:
Virus 'W32/Klez.H@mm' in height.pif
All my computers have been scanned using the most recent updates. The email address is not in my address book. Looks like just a new spam technique.
What do you think?
lawman
"Important Note: The e-mails sent by Klez.E worm often have faked sender's address. The worm randomly picks sender's address from web pages, ICQ databases or Windows Address Books. This means that if you get Klez.E worm in e-mail, it's quite likely that it was NOT sent to you by the person listed in the 'From' field of e-mail message (sender's address)."
It is likely that the people who sent you the emails believe they have received the virus from you. In fact it's come from somewhere else entirely.
From this page at F-Secure:
www.europe.f-secure.com/v-descs/klez.shtml
In that instance it's actually talking about Klez.E. I find versions of viruses are often somewhat interchangeable though, either because it has been incorrectly identified or because there may be more than one version of a version.
Info on Klez.H here:
www.europe.f-secure.com/v-descs/klez_h.shtml
Trend's spin on the Klez:
Mass-mailing routine
To propagate copies of itself, this worm uses its own SMTP engine to send an email containing its executable program. It has several ways of collecting its spoofed source email address and target email address.
It randomly chooses its target users from the above pool of email addresses and from the email addresses that appear in the From field of the email.
At present our mail server is catching about 100 an hour. It's a real pain trying to catch which customer is infected, as Klez spoofs itself 99% of the time.
DaveN
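An added example, not part of the thread: because Klez spoofs the From field, a mail operator can attribute caught messages by the connecting IP that their own server stamped into the topmost Received header instead. The host name `mx.example.net`, the Postfix-style header layout and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Assumption: our own mail server's name as it appears in "by" clauses.
OUR_MX = "mx.example.net"

# Assumed Postfix-style layout: from HELO (rdns [client-ip]) by our-host ...
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\([^\[\)]*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def connecting_ip(raw_message, our_mx=OUR_MX):
    """Return the client IP our own server recorded; the From header is ignored."""
    msg = message_from_string(raw_message)
    # Headers are newest-first, so the first hop stamped by us is the one our
    # server really added. Anything below it was supplied by the sender.
    for header in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(header.split()))  # unfold the header
        if m and m.group(2).lower() == our_mx:
            return m.group(1)
    return None  # no hop stamped by us, so nothing trustworthy to report

def tally_sources(raw_messages):
    """Count caught messages per connecting IP and collect the From values seen."""
    counts, froms = Counter(), {}
    for raw in raw_messages:
        ip = connecting_ip(raw)
        counts[ip] += 1
        froms.setdefault(ip, set()).add(message_from_string(raw)["From"])
    return counts, froms

def make_msg(client_ip, from_addr, extra_received=""):
    """Build a constructed sample message as our server would have stored it."""
    return (f"Received: from pc (unknown [{client_ip}])\n"
            f"\tby {OUR_MX} with ESMTP id SAMPLE1\n"
            f"{extra_received}"
            f"From: {from_addr}\nTo: aaaa@bbbb.com\nSubject: sample\n\nbody\n")

# Constructed sender-supplied header that falsely names our host lower down.
FORGED = f"Received: from mail (mail [203.0.113.99]) by {OUR_MX} with SMTP\n"

SAMPLES = [  # constructed: one client IP, three different spoofed From values
    make_msg("192.0.2.15", "alice@example.org"),
    make_msg("192.0.2.15", "bob@example.com"),
    make_msg("192.0.2.15", "carol@example.org", FORGED),
    make_msg("198.51.100.7", "dave@example.com"),
]

if __name__ == "__main__":
    counts, froms = tally_sources(SAMPLES)
    for ip, n in counts.most_common():
        print(ip, n, sorted(froms[ip]))
```

Many different From values arriving from a single connecting IP is the pattern that points at the infected machine.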