Heya, not sure what is up. I just got an undeliverable email return to me. This was an email, with an attachment that I did not send but it was made to look like it came from me. It had a virus attached to it. I have just finished checking my system and I am virus free. Also, the name of the attached file was barn.jpg and something else - not sure what it was since I had Norton kill it. However that was the file that had the virus. I do not have a barn.jpg on my computer anywhere so this definitely did not come from me. Furthermore, the person to whom the email was addressed is someone I do not know and the are not listed in my address book. My concern is that someone else may be sending these emails out under the guise that they are coming from me. Do not open any emails with attachment from shadownet!!! This may have only been a fluke but I do not want any of you to get hit. Also, I will be out of town from the 11th to the 19th and will not be sending any email during this time, so any email received alledging to be from me during this time period should be considered highly suspect. I am perhaps over reacting in my warning, however, as I stated, I would hate to have any of you fall victim to this ruse. Best regards, Rob

No such thing as over-reacting with all the nasty bugs floatingaround out there these days...thanks for the heads-up, Rob! CT

Apparently, distant email servers can become infected with viruses or worms and will then draw on their archives of email addresses to generate malicious emails that are then sent out...the old adage of,"if you dont know the sender, dont open the attachment...even if it offers you candy...." still is the best protection. Scarab

Sounds like another case of Klez Worm

Shadownet, Thanks for the warning. Have a good trip and it was very nice of you to warn us all.

I did a little more investigating last night. Yes it was the klez worm, but take a look at the source info below. The virus was named bi.exe I suspect the jpg file was added an attempt to mask the exe file so that it would be open by accident. Nothing new about this. However, what got me was(1)not only did the email pretend to be an email I had sent that was kicked back as undeliberable but(2) the subject line would indicate that it was not a random attach but was aimmed specifically at me or at Poser users in general. So be careful. Here is the source info from the email: Return-Path: Received: from maynard.mail.mindspring.net (maynard.mail.mindspring.net [207.69.200.243]) by exiter.cp-tel.net with SMTP (MailShield v2.04 - WIN32 Jul 17 2001 17:12:42); Fri, 09 Aug 2002 19:54:51 -0500 Received: from 1cust251.tnt3.manassas.va.da.uu.net ([67.201.103.251] helo=Guydfyl) by maynard.mail.mindspring.net with smtp (Exim 3.33 #1) id 17dKWW-0006Es-00 for shadownet@cp-tel.net; Fri, 09 Aug 2002 20:54:32 -0400 From: postmaster To: shadownet@cp-tel.net Subject: Undeliverable mail--"with the matching rsr that goes with the pp2" MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=Z1lr94tJ6H6EV92428i910X53Dj5c0 Message-Id: Date: Fri, 09 Aug 2002 20:54:32 -0400

That Klez viris is tricky, that version looks for an email with an attachment already associated with it on the infected computer adds itself then sends itself off to another computer finding the to and from line in the address book of the infected computer. I doubt it was directed attack, it just happened that it infected the computer of someone who has corrisponded with you in the past and either sent or recieved that file recently.

Thanks wdupre, good to know.

This could last a long time, shadownet. I'm still getting You Have a VIRUS emails back from the Klez infection of someone who had my name in their address book in April!! I test out clean and don't even have the same computer I had in April. You'd think they, whoever they are-- I suspect spammers, the returns are so odd-- would clean their computer someday. I use Mailwasher now to eliminate that stuff on my ISP before it reaches my machine. Emily

Not familiar with Mailwasher. Can you tell me more?

Yes, please tell us all more about Mailwasher! (Hi Rob...thanks very much for the warning!) Travel safely!! Kimberly

www.mailwasher.net should give you anything you want to know. It works for free and it's shareware as well. But not insistently. I was recommended it by a fellow "R" member so happy to recommend back. Emily

Thanks :O)

ZoneAlarm just blocked a hit one my computer about an hr ago that Zonelabs identified as to do something with the Klez Worm probing for servers or some such. Looks like maybe the Klez Worm is active on the net today. :(

I had Klez about a month ago and this sounds exactly like it. I was getting dozens of returned e-mails addressed to people I don't know, some people here in this forum, but I've never ever e-mailed to, and some of my own relatives and friends. It's a nasty one. If anyone does get infected by it, the fix is on the Symantec site and it's easy to clean out. As soon as I knew what was going on, I went out and bought Norton immediately. I just wish the people who write these things would stop. I don't understand what they think they get from it. If they have the knowledge to write programs that do damage, why can't they put their knowledge to constructive projects, like inventing games or writing legitimate software? Sheesh! Melanie