Re: Virus???

[Rick Stevens <rstevens vitalstream com>]

Al Gelders wrote:
> On Sun, 2003-11-02 at 22:20, Mauri Sahlberg wrote:
>
>
> > You have denied all traffic out of that box? You can still send e-mail
> > with your own address even when you have denied SMTP, POP and IMAP. You
> > just connect with HTTP to some server that provides e-mail through web
> > interface. And honestly I really think that if you have a breach in your
> > security it probably is on that w2k box. 
>
> Thanks for the input.  Since I have symantec virus protection on the w2k
> box I'm going to assume that it is clean as well and that some jerk out
> there is using my address out of spite.  I have since noticed that all
> the bounced messages seem to mention Outlook or Outlook Express which as
> I mentioned, are not configured on my box nor are they run. (As the
> cowardly lion says, "I DO believe in spooks, I do, I do, I do." At least
> when runing MS products.)

As I stated in my message, the offending party is probably infected
with the Klez virus and isn't even aware of it.  They're not doing it
out of spite--that's the way Klez works...it sends out mail trying to
infect other machines but randomly chooses a "From" address from the
sending machine's Outlook address book.  Your name happened to draw the
short straw.

Check the headers of the bounces VERY CAREFULLY.  You may find out
whose machine is sending them out (at least you'll get the IP address
and time, which you can backtrack through the ISP and have them notify
the user).
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens vitalstream com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-        Brain:  The organ with which we think that we think.        -
----------------------------------------------------------------------