Klez.E

Below is SPAM I received this morning for a "worm Detector"

Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me. Jscomp0550@aol.com

 

Hi Controler,
see my answer in the WormGuard threads please.
Thanks! Please be careful if it is "source unknown"

 

I posted i the Klez forum also
As I mentioned I DID receive those e-mails this morning. One did have the honey subject line.
I thought it be a wise guy sending gay spam
I ran Norton with latest updates and even went to nortons site and downloaded teir NEW beta definitions. Still nothing found on my puter.
Is this anoother varient that I am infected with?

 

Well,  I certainly hope you didn't fall for that one - the attachment will infect you if you open it.

Please don't post the same question on multiple forums here, okay? Thanks. Pete

*I'm moving this one to the correct forum. Pete

 

Sorry for posting at wrong spot.

I left the dudes e-mail address that was included later.
Just letting everyone know there is either a new varient or a jerk targeting people from security forums.
Just to let you know, I have built and used puters since the early 80's DOS days only.
So I am not a newbi to them.
However I will admit I never got into the programming side of things other than BASIC

Over?

 

Just ran a scan again and found nothing but I did just get another e-mail

This one contained a body message.

nakito@new.rr.com

Body message "This is a funny website, you will like it"

and of course there is no link to any site.
Are we under a wide spread attack by the damn chinese?

 

hmm

rr.com is Roadrunner, the same (broadband American cable) that I use. However, the email address normally includes the city ie yourname@yourcity.rr.com
But anyway if someone knows how to research that email addy we might be able to get some vicious SOB's broadband service taken away.

 

Sam Spade  >  Tools  >  Parse full headers
and do your stuff
I see a lot of spam these days and port sniffing from
......rr.com addresses.