New I've reached my limit
I'm getting email bounce messages that look like someone is using MY email address in the reply-to header line in spam. A lot of them. 50 or so in the past few minutes.

I contacted my ISP who said there's really nothing that can be done from their end (gee thanks) and to contact the ISP of the sending emails. Hotmail (gee thanks).

So I find a URL in the offending email. I look up the whois record for the domain name. I call the Phone Number listed, disconnected. I email the address listed, bounced, hotmail address. I've emailed the registrar, but haven't heard back from them.

I was getting about 5-10 spam messages a day. Annoying, yes, but pretty easy to delete and ignore.

This one pisses me off something fierce.
-----
Steve
New Umm...
Someone you got the Klez... better get them to a doctor fast...

greg, curley95@attbi.com -- REMEMBER ED CURRY!!!
New No Klez
I don't use winders for mail. If I'm using windows, I use my ISP's webmail (qmail server with squirrel webmail client on linux), else I use moz mail under linux.

I did get several messages on my work account today with klez, but it was filtered by mcafee.

Just checked, to be sure. No klez on this machine.
-----
Steve
New What you need...
...is a local MTA with [link|http://www.spamassassin.org/|SpamAssassin].


Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
New Debian sid w/exim on my laptop
Which is the machine I use the most by far.

Read a bit about spamassassin, heading that route I believe, and have also queried my ISP about installing it on their server :)
-----
Steve
New YOU aren't the one with Klez
Klez' trick is that if person A has it, they forge mail from B to C. So if someone you know has it, they could send mail apparently from you to other people.

You do know people who run Outlook on Windows, don't you?

Cheers,
Ben
"... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything."
--Richard Feynman
New More Klez
From another source:
The "Klez" virus is one of a family of viruses, the most prolific is called W32/Klez.h@MM, and appeared mid-April, 2002, and has been one of the most successful email-borne viruses of all time. While most virus outbreaks trail off within a few days of emergence, Klez is still increasing in prevalence eight weeks after its first appearance. It's hard to eradicate because it fakes the sender address of emails. This also means that many people will receive warnings about Klez for mail they never sent. Klez also infects and may damage files, and can distribute confidential information.
You ain't got it (or if you do, the traffic you're seeing is unrelated). As I mentioned, Klez traffic is still growing 10-15% per week. Our per-day incidence has climbed above 200 messages, I expect this won't top out lower than 300-500 daily, if not more.

Headers should tell you where the actual origin was.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]
What part of "gestalt" don't you understand?

   Keep software free.     Oppose the CBDTPA.     Kill S.2048 dead.
[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]
New Check the headers.
We use GroupWise at work with Guinevere.

See if you can find the ACTUAL address that it came from.

When we get a sudden rush of them at work, it is because someone new (outside the company) is infected and probably doesn't know it. So I dig through the headers and find the original address and send them a message to get fixed.
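
An added example, not part of the original posts: one way to do the header check suggested in the thread. It walks the Received lines from the newest down and stops at the first hop that was not recorded by a server you trust, since everything below that point can be forged along with the From line. The sample message, hostnames, addresses and the `TRUSTED` set are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a forged-sender message as stored by the recipient's ISP.
# Hostnames and IPs are made up (example.* names, documentation IP ranges).
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.isp.example with ESMTP id A1; Mon, 10 Jun 2002 10:00:05 -0500
Received: from dialup-77.other.example (unknown [198.51.100.77])
\tby mx.isp.example with SMTP id B2; Mon, 10 Jun 2002 10:00:03 -0500
Received: from steve-pc ([10.1.1.1])
\tby dialup-77.other.example; Mon, 10 Jun 2002 09:59:00 -0500
From: steve@isp.example
To: someone@isp.example
Subject: A very funny website

body
"""

# Assumption: the servers whose Received lines you believe (your own MTAs).
TRUSTED = {"mail.isp.example", "mx.isp.example"}

# Matches the common "from HELO (rdns [ip]) by host" layout of a Received line.
HOP = re.compile(r"from\s+(\S+)\s+\([^\[\)]*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+([^\s;]+)")

def parse_hop(value):
    """Return (helo_name, peer_ip, recording_host), or None if unparseable."""
    m = HOP.search(value)
    return (m.group(1), m.group(2), m.group(3)) if m else None

def last_verifiable_hop(raw, trusted_hosts):
    """Return (From header, deepest hop recorded by a trusted server or None)."""
    msg = message_from_string(raw)
    found = None
    for value in msg.get_all("Received", []):  # headers are newest first
        hop = parse_hop(value)
        # An unparseable line or an untrusted recorder ends the reliable chain.
        if hop is None or hop[2].lower() not in trusted_hosts:
            break
        found = hop
    return msg["From"], found

if __name__ == "__main__":
    claimed, hop = last_verifiable_hop(SAMPLE, TRUSTED)
    print("From header claims:", claimed)
    if hop:
        print("Handed to %s by %s (HELO %s)" % (hop[2], hop[1], hop[0]))
    else:
        print("No hop recorded by a trusted server")
```

The peer IP of the returned hop is the address to report to its network's abuse contact; the HELO name beside it was supplied by the sender and proves nothing on its own.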