Security Basics mailing list archives

RE: Can anybody explain this Klez Variant?


From: "Anders Reed Mohn" <anders_rm () utepils com>
Date: Thu, 6 Feb 2003 20:27:21 +0100


Klez has several variants. This is probably just one of them.

1) The "my_name" email address is an old excite account which 
hasn't been used in over 2 years and has been disabled. 

But someone, somewhere, might still have it in their address books.

The "myfriend" address was not 
in my address book at this excite account.

What you had in your address book does not matter.
This message came from a third party, who had your old address, as well as the
recipient's address, in their address book.

Taken to the extreme, this might be someone neither of you
know. Someone who just happened to have both your addresses
saved. (Some email programs save addresses automatically, for
instance when replying.)
 

2) The return path is "my_name"@verizon.net

Dunno.. I'm guessing it's just part of the variant's spoofing,
but I haven't got much in-depth knowledge of Klez.

Cheers,
Anders :)

