|
|
Email spoofing Some variants of the KLEZ/ELKERN/YAHA worms use a technique known as "spoofing." If so, the worm randomly selects an address that it finds on an infected computer. It uses this address as the "From" address that it uses when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to someone else. For example, Linda Anderson is using a computer that is infected with W32.Klez.E@mm; Linda is not using an antivirus program or does not have current virus definitions. When W32.Klez.gen@mm performs its emailing routine, it finds the email address of Harold Logan. It inserts Harold's email address into the "From" portion of an infected message that it then sends to Janet Bishop. Janet then contacts Harold and complains that he sent her an infected message, but when Harold scans his computer, his AntiVirus program does not find anything--as would be expected--because his computer is not infected. If you are using a current version of an AntiVirus program and you have the most recent virus definitions, and perform a full system scan with your AV program set to scan all files which then does not find anything, you can be confident that your computer is not infected with this worm. |
|
|