Did I just get sent a virus?

I just received an email from a friend of mine that looks suspicious. The entire text of the message is, "W32.Klez.E is a dangerous virus that spread through email. F-Secure give you the W32.Klez.E removal tools.

For more information, please visit http://www.f-secure.com"

The above quote is VERBATIM, including grammar mistakes. Attached to this is an executable file named Setup.exe.

I have talked to my friend and confirmed that she did NOT send this email. Has anyone else received something like this? Could we be looking at another attempted virus attack?

I think you’re right–I remember hearing about a Klez variant that was being sent around as if it were its own removal tool.

At any rate, if you want a Klez removal tool, I’d suggest going here for it instead.

Your friend is probably infected; you’re probably not. AHunter’s link will get you clean if you need to be.

Actually, it may not be your friend that is infected. The Klez worm spoofs email addresses and makes it look like it’s coming from someone you know, when it really is coming from a totally different email address - possibly someone who has your friend’s email in their addy book.

Ok, good. I deleted the email after posting the OP and did not open the file. I wish I could have checked full headers first, though - since apparently it may not be from her, after all. Well, nothing I can do now. I believe that I’m safe, though.

Even if you looked at the headers you wouldn’t be able to tell much because anyone stupid enough to email something like that would have been clever enough to change their heading to hide.

I get about 8 per day. But I never open them.

I get tons of those alleged Klez ‘fixes’ or ‘warnings’ - I delete them all, because there’s always some executable attached, and I didn’t ask for one. :)

Actually, the Klez virus spoofs the sender’s address, but doesn’t seem to affect the headers (at least not the version we keep getting).

We have one customer who keeps sending us the Klez virus (unknowingly). We know who it is because despite the fact that the phony sender’s address keeps changing, the IP address in the headers is always the same (our customer’s). We’re not 100% sure, but we’re monitoring it. So far it does appear that the IP address is consistently hers no matter what the spoofed sender address is.

Interesting, but in the grand scheme of things it’s no big deal.
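The header check described in the post above (a constant IP address behind changing spoofed sender addresses) can be automated. The following is an added example, not code from anyone in this thread; the server name `mx.example.net`, the sample messages and all addresses are constructed, and the only `Received` line it trusts is the one stamped by the receiving server itself.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

OUR_MX = "mx.example.net"  # assumed name of the receiving server we control
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def _msg(ip, sender, extra=""):
    # Constructed sample message; IPs come from the documentation ranges.
    return (f"Received: from pc ([{ip}]) by {OUR_MX}; Mon, 6 May 2002 10:00:00 +0000\n"
            f"{extra}From: {sender}\nSubject: W32.Klez.E removal tools\n\nbody\n")

SAMPLES = [
    _msg("203.0.113.45", "alice@example.com"),
    _msg("203.0.113.45", "Bob <bob@example.org>"),
    # The lower Received line is supplied by the sender, so it is not trusted.
    _msg("203.0.113.45", "carol@example.com",
         "Received: from isp ([192.0.2.99]) by relay.example.org; Mon, 6 May 2002 09:59:00 +0000\n"),
    _msg("198.51.100.7", "dave@example.org"),
]

def connecting_ip(raw, our_host=OUR_MX):
    """IP recorded by our own server; Received lines below it can be forged."""
    for received in message_from_string(raw).get_all("Received", []):
        flat = " ".join(received.split())  # undo header folding
        from_part, sep, by_part = flat.partition(" by ")
        host = (by_part.split() or [""])[0].rstrip(";").lower()
        if sep and host == our_host:
            m = IP_IN_BRACKETS.search(from_part)
            return m.group(1) if m else None
    return None

def suspect_ips(raw_messages, min_senders=2):
    """Map connecting IP -> From addresses, for IPs seen with several senders."""
    seen = defaultdict(set)
    for raw in raw_messages:
        ip = connecting_ip(raw)
        if ip:
            sender = parseaddr(message_from_string(raw)["From"] or "")[1].lower()
            seen[ip].add(sender)
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= min_senders}

if __name__ == "__main__":
    for ip, senders in suspect_ips(SAMPLES).items():
        print(ip, "sent mail as", ", ".join(senders))
```

One IP address appearing behind several unrelated `From` addresses points at the machine that is actually sending, which is the pattern the post reports for its customer.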