Security Basics mailing list archives
RE: Can anybody explain this Klez Variant?
From: "Anders Reed Mohn" <anders_rm () utepils com>
Date: Thu, 6 Feb 2003 20:27:21 +0100
Klez has several variants. This is probably just one of them.
1) The "my_name" email address is an old excite account which hasn't been used in over 2 years and has been disabled.
But someone, somewhere, might still have it in their address books.
The "myfriend" address was not in my address book at this excite account.
What you had in your address book, does not matter. This message came from a third party, who had your old address, as well as the recipients address, in their address book. Taken to the extreme, this might be someone neither of you know. Someone who just happened to have both your addresses saved. (Some email programs save addresses automatically, for instance when replying.)
2) The return path is "my_name"@verizon.net
Dunno.. I'm guessing it's just part of the variants spoofing, but I haven't got much in-depth knowledge of Klez. Cheers, Anders :)
Current thread:
- Can anybody explain this Klez Variant? Drexcia ==== (Feb 06)
- Re: Can anybody explain this Klez Variant? Dan Donkers (Feb 10)
- <Possible follow-ups>
- RE: Can anybody explain this Klez Variant? Anders Reed Mohn (Feb 07)
- Re: Can anybody explain this Klez Variant? it_hjw (Feb 07)