Some Doper who has e-mailed me has a virus and doesn't know it.

[Larry_Mudd]

Okay, folks, I’m getting thirty or forty “returned” klez-propagating e-mails daily, and it’s starting to get me down.

Someone who has me in their Outlook address book is infected with the persnickety Klez32 worm, which is industriously sending of hundreds of e-mails with my return address showing as the sender.

I deduce that the infected party is a Doper, because some of the “returned” mail is coming from the mailer daemon at straightdope.com

How can you tell if you the unclean one?

A few indications-

Have you ever contacted me by email?

Do you use Outlook? If the answer is yes, please stop. Consider using this opensource mail client which looks and acts very much luck Outlook, except that it offers an acceptable level of security.

Even if you don’t use Outlook, if you have within the last few weeks incautiously opened an attachment, (and are using windows) you can be infected. The subject line of the infected mail may contain one of the following phrases:

how are you
let’s be friends
darling
so cool a flash,enjoy it
your password
honey
some questions
please try again
welcome to my hometown
The Garden of Eden
introduction on ADSL
meeting notice
questionnaire
congratulations
sos!
japanese girl VS playboy
look,my beautiful girl friend
eager to see you
spice girls’ vocal concert
japanese lass’ sexy pictures

Or something entirely different. Received an attachment that didn’t make sense, even though it appeared to be from someone you knew?

I’ve deleted hundreds of these “returned” messages so far, but here are some (partial) email addresses that they were originally sent to:

sampson2149@.com
thestrdope@aol.com (I’m guessing that means the infected one is an old Doper)
lorrainehollond@.ca
dmartyn@.com
kasbourin@.net
smr@.com
jclang@.net
Somebody@gsk.com (GlaxoSmithKline)
support@cuteftp.com
aufeedback@aol.com

If any of those contacts look vaguely familiar to you, heads up. (Bear in mind that about half of those were bounced because the address is no longer good, so it may be an old contact.)

Now, this might not be a huge inconvenience, as the email client I use pegs these as “junk” and I don’t have to look at them. However, hundreds of e-mails going out with my name on them is going to translate into a huge increase in spam in my inbox in a few short months. (Any increase is significant, as I’ve managed to keep my inbox spam-free for three the last three years.)

Any of the above ringing alarm bells? Please, download and run the free Klez removal tool from symantec.

Hell, even if none of the above seems to apply to you, if you have a few spare minutes, and you use windows, go ahead and run it anyway – the worst thing about Klez is its stealthiness-- you won’t notice anything suspicious if you’re infected, unless you’re the sort who closely monitors all the traffic on your network.

Thanks for your time.

[jackelope]

Yuk. Good luck getting shut of the sticky situation. I get those constantly at work; today, my first day back after a regular, two-day weekend, I had about 100 new e-mails, of which exactly five were NOT spam or klez-droppings.

At home I use Eudora, which is free and in my opinion far superior to Outlook. Plus no one designs viruses for it.

[Aslan_of_Narnia]

What motivates people to create things like the Klez virus? Just to fuck around with people?

[Q.E.D]

I’m getting those too. On average about 10 per day. It’s not me, my system is clean. I do regular scans and I’m too smart to get a vir&*^83kdokd;…//////////////////////////////////////87fjnz76ghZ7ewytZ&76nd$rtgf3w7…}¸0​:diamonds:‘12¨4ÿ52àⁿ721•1​:relaxed:1,),·5​:diamonds:5​:diamonds:◘:clubs:1

Beeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeep

[Lord_Jim]

I have seen where the “Return path” line in the header didn’t match the “From” and the “Reply to” lines and the address in the “return path” was the actual sender. … Take a look, it might help track it down. Also the bottom “Received:” section should have the IP address of the originating mail server which might give a clue about the location of the sender.

But, running an up to date virus scan is a good suggestion for anyone that is likely to have you in their address book or has received an email from you.

Good luck. Klez is a very deceptive virus.

[Flamsterette_X]

I used to get a lot of these a few months back… the subject line was usually something like: “I’ve found the secret…”

Now I might be getting them again… “re: hey, is this still your email address?” or something similar.

But it’s not me this time, Larry. (though maybe I should email you again… later…) None of those addresses look even vaguely familiar to me.

F_X

[rjk]

We had a small worm problem at work a couple of weeks ago. I’ll repeat what I mailed out then: Don’t open attachments! At least make sure you know what kind of file it is first, but you’re far better off saving it to disk and letting your virus-checker take a look at it. Both Norton and McAfee come with programs to watch files as they’re saved and loaded. Make sure to set the schedule to keep your virus definitions current.

(On a related note, MSWindows is set up wrong by default. Bill, in his wisdom, decided we don’t need to know what kind of file we’re clicking on, so file extensions start out hidden. A file that seems to be called, for example, MyPic.jpg (a picture) could really be MyPic.jpg.exe (a program), which might be the installer for a virus or worm. Be careful!)

Sorry if I sound preachy here, but we spend far too much time cleaning up when people don’t take care.