> As soon as I got wind of this this morning I updated my virus signatures and
> scanned everything. I received warnings from agschnozz and tscales saying I
> was infected with either W32.Elkern or Klez.E (both worms). My AV software
> (CA Unicenters Advanced Antivirus Option) says that both of these should be
> detected by the signatures I downloaded, but nothing was found - and no, that
> doesn't give me a warm and fuzzy.

Without going into too much detail, it needs to be remembered that the
current crop of viruses hide what's going on by picking a 'sender'
(From:) address out of the infected machine's address book. Then it
selects a batch of 'recipient' (To:) addresses from the same address
book & proceeds to send a great wad of emails out...

To figure out where it came from, you need to dig pretty deeply into
the headers of the virus-infected e-mails. Almost certainly the first
(closest to the message body) header in the mails received by Ken & Tom
will have the same sending host & mail transfer agent, if the date/time of
both mails is close (i.e. the same login session). Contact me off-list
if you would like some detail...!

I've had 5 e-mails in the last 2 days from the same computer (in
Adelaide) & I can't figure out who it is. In all cases the username is
different, so I sent an e-mail to everybody I know on that ISP.

One sure way to avoid infection: don't use Windows!!! Or use a text-based
mailer like pine, elm or mutt...

DavidT
Adelaide, South Australia
< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >
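
The header comparison described in the reply above, as an added example that is not part of the original message: it reads the Received: header closest to the body of each mail and groups mails that share the same client IP and receiving MTA within a short time window, ignoring the spoofed From: address. The hostnames, IP addresses and timestamps are constructed, and the `from HELO (rdns [ip]) by mta; date` layout is an assumption about how the receiving MTA writes the header.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parsedate_to_datetime

# The HELO name is sender-supplied; the bracketed IP is written by the receiving MTA.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def sample(sender, ip, clock):
    """Build a constructed message: a list relay hop on top, the first hop underneath."""
    return (
        "Received: from mx.list.example (mx.list.example [198.51.100.7])\n"
        "\tby mail.rcpt.example with ESMTP; 23 Apr 2002 09:30:00 +0930\n"
        f"Received: from Qgxw (dialup.isp.example [{ip}])\n"
        f"\tby smtp.isp.example with SMTP; 23 Apr 2002 {clock} +0930\n"
        f"From: {sender}\n"
        "Subject: a very funny game\n\nbody\n")

MSG_A = sample("alice@somewhere.example", "203.0.113.42", "09:14:02")
MSG_B = sample("bob@elsewhere.example", "203.0.113.42", "09:17:45")   # same session
MSG_C = sample("carol@other.example", "203.0.113.99", "09:20:10")     # different host

def first_hop(raw):
    """Return (client_ip, receiving_mta, timestamp) from the Received: header nearest the body."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    hop = received[-1]                      # headers are prepended, so the last one is oldest
    m = HOP_RE.search(hop)
    if not m or ";" not in hop:
        return None                         # unrecognised layout: do not guess
    when = parsedate_to_datetime(hop.rsplit(";", 1)[1].strip())
    return m.group("ip"), m.group("by").lower(), when

def same_source(raws, window_s=3600):
    """Map (ip, mta) -> count for first hops seen 2+ times within window_s seconds."""
    groups = defaultdict(list)
    for raw in raws:
        hop = first_hop(raw)
        if hop:
            groups[hop[:2]].append(hop[2])
    return {k: len(v) for k, v in groups.items()
            if len(v) > 1 and (max(v) - min(v)).total_seconds() <= window_s}

if __name__ == "__main__":
    print(same_source([MSG_A, MSG_B, MSG_C]))
```

Received: lines below the first MTA you trust can be forged by the sender, so treat the grouped IP as a lead to pass to the ISP's abuse contact rather than as proof.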