Re: virus and/or spam alert

[William Beaty <billb@ESKIMO.COM>]

On Fri, 10 May 2002, John S. Denker wrote:

> On Fri, 10 May 2002 04:53:14 -0500 there appeared a message
> falsely attributed to me with the Subject line:
> WhfhixFq2ybVmC2ZK78ZJZDmCgZuKUPXpS9W

The current massive virus outbreak involves forged "FROM" addresses.  The
Klez worm also takes email addresses from local files, which would include
browser temp files.  Anyone who displays their email address on a popular
website should expect to see some automatic messages from Klez-infected
users.

I'm receiving LOTS of Klez mail right now (50-100 msgs per day), but it's
slowly decreasing.   I expect that my website is the source, since I have
my email address on every single page.

That PHYS-L mystery message might be a non-KLEZ virus with similar
behavior, since the subject line of Klez messages is one of the following
(below)

(((((((((((((((((( ( (  (   (    (O)    )   )  ) ) )))))))))))))))))))
William J. Beaty                            SCIENCE HOBBYIST website
billb@eskimo.com                            http://amasci.com
EE/programmer/sci-exhibits   science projects, tesla, weird science
Seattle, WA  206-789-0775    sciclub-list freenrg-L vortex-L webhead-L



how are you
let's be friends
darling
so cool a flash,enjoy it
your password
honey
some questions
please try again
welcome to my hometown
the Garden of Eden
introduction on ADSL
meeting notice
questionnaire
congratulations
sos!
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls' vocal concert
japanese lass' sexy pictures
Undeliverable mail--"[Random word]"
Returned mail--"[Random word]"
a [Random word] [Random word] game
a [Random word] [Random word] tool
a [Random word] [Random word] website
a [Random word] [Random word] patch
[Random word] removal tools


The random word will be one of the following:
new
funny
nice
humour
excite
good
powful
WinXP
IE 6.0
W32.Elkern
W32.Klez.E
Symantec
Mcafee
F-Secure
Sophos
Trendmicro
Kaspersky