John Lindsey
12th May 2002, 23:21
I have received a complaint from a member that another member had purposely sent him Japanese porno and a virus. He claims it came from the "Southern Alliance" which I think is linked to Manny Salazar, Mike Mitchell, and Antonio Bustillo.
I too have received this same message and virus. It does not appear that these people did this on purpose. Please read the following:
This W32/Klez variant has the ability to spoof the email FROM: field. The senders address used by the virus, may be one that was found on the infected user's system. Thus, it may appear that you have received this virus from one person, when it was actually sent from a different user's system. Viewing the entire email header will display the actual senders address.
This worm makes use of Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2)
This worm arrives in an Email message with a subject and body randomly composed from a rather long pool of strings that the virus carries inside itself (the virus can also add other strings):
"Hi, Hello, Re: Fw: Undeliverable mail-- Returned mail-- game a tool a website new funny nice humour excite good powful WinXP IE 6.0 W32.Elkern W32.Klez how are you let's be friends darling don't drink too much your password honey some questions please try again welcome to my hometown the Garden of Eden introduction on ADSL meeting notice question naire congratulations sos! japanese girl VS playboy look, my beautiful girlfriend eager to see you spice girls' vocal concert japanese lass' sexy pictures Symantec Mcafee F-Secure Sophos The following mail can't be sent to The attachment The file is the original mail give you the is a dangerous virus that can infect on Win98/Me/2000/XP. spread through email. very special For more information,please visit This is I you would it. enjoy like wish hope expect Christmas New year Saint Valentine's Day Allhallowmas April Fools' Day Lady Day Assumption Candlemas All Souls'Day Epiphany Happy Have a"
In our experiments we have, for example, observed the following Subject lines (more common at the top):
Subject: Document End
Subject: Happy Lady Day
Subject: From
Subject: Eager to see you
Subject: Returned mail--"Document End "
Subject: HEIGHT
Subject: A WinXP patch
Subject: Hi,spice girls' vocal concert
Subject: Happy nice Lady Day
Subject: Have a humour Lady Day
Subject: Happy good Lady Day
Subject: ALIGN
Subject: Have a good Lady Day
Subject: Undeliverable mail--"IIS services with this Web administration tool."
(the virus can also send mails with empty Subject and/or body)
I too have received this same message and virus. It does not appear that these people did this on purpose. Please read the following:
This W32/Klez variant has the ability to spoof the email FROM: field. The senders address used by the virus, may be one that was found on the infected user's system. Thus, it may appear that you have received this virus from one person, when it was actually sent from a different user's system. Viewing the entire email header will display the actual senders address.
This worm makes use of Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability in Microsoft Internet Explorer (ver 5.01 or 5.5 without SP2)
This worm arrives in an Email message with a subject and body randomly composed from a rather long pool of strings that the virus carries inside itself (the virus can also add other strings):
"Hi, Hello, Re: Fw: Undeliverable mail-- Returned mail-- game a tool a website new funny nice humour excite good powful WinXP IE 6.0 W32.Elkern W32.Klez how are you let's be friends darling don't drink too much your password honey some questions please try again welcome to my hometown the Garden of Eden introduction on ADSL meeting notice question naire congratulations sos! japanese girl VS playboy look, my beautiful girlfriend eager to see you spice girls' vocal concert japanese lass' sexy pictures Symantec Mcafee F-Secure Sophos The following mail can't be sent to The attachment The file is the original mail give you the is a dangerous virus that can infect on Win98/Me/2000/XP. spread through email. very special For more information,please visit This is I you would it. enjoy like wish hope expect Christmas New year Saint Valentine's Day Allhallowmas April Fools' Day Lady Day Assumption Candlemas All Souls'Day Epiphany Happy Have a"
In our experiments we have, for example, observed the following Subject lines (more common at the top):
Subject: Document End
Subject: Happy Lady Day
Subject: From
Subject: Eager to see you
Subject: Returned mail--"Document End "
Subject: HEIGHT
Subject: A WinXP patch
Subject: Hi,spice girls' vocal concert
Subject: Happy nice Lady Day
Subject: Have a humour Lady Day
Subject: Happy good Lady Day
Subject: ALIGN
Subject: Have a good Lady Day
Subject: Undeliverable mail--"IIS services with this Web administration tool."
(the virus can also send mails with empty Subject and/or body)