[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: virus Re: Questionnaire

From: Alain Bench
Subject: Re: virus Re: Questionnaire
Date: Wed, 21 May 2003 13:01:38 +0200 (CEST)
User-agent: Mutt/1.4i-ja.1


 On Tuesday, May 20, 2003 at 1:00:28 AM -0600, D. Stimits wrote:

>> From: dickey
> the reply to shows it as sent by just "dickey".

    There was no "Reply-To:", and the "From:" listed also Thomas' full
email address:

| From: dickey <address@hidden>

> someone with a windows machine in Japan has an address book listing
> "dickey" and not "Thomas Dickey".

    The virus Klez.H gets pure email addresses (without full names) from
various files on the infected computer, including (but not limited to)
WAB, and sets the login part as full name in "From:" field.

    I don't know why you don't see and quote the full address in
Michael's mail, and why your "In-Reply-To:" doesn't point to his
message... A bug in Mozilla, or?

| Received: from [] (port=16421 helo=Jovyx)
|       by sc005pub.verizon.net with smtp (Exim 4.14)
|       id 19HqS0-000165-Fk
|       for address@hidden; Mon, 19 May 2003 14:37:36 -0500

    Note the HELO "Jovyx" is most probably forged too. Only sure things
are this IP, and the infected guy has both Thomas and the mailing list
addresses somewhere on his computer (possibly only in a web page stored
in "Temporary Internet Files").

Bye!    Alain.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]