Anyone else getting sent viruses and worms from Anandtech imposters?

BigJ

Lifer
Nov 18, 2001
21,330
1
81
Received 8 Klez/other worms in the past several days from Anandtech-like email addresses/names. Wondering if anyone else has had this problem lately...one of them even went as far as to impersonate Dew042. Never really got these until the last week.
Here's what I got so far:

The email attachment if is infected with the W32.Klez.H@mm virus.
The file was quarantined.

The email attachment face.exe is infected with the W32.Klez.H@mm virus.
The file was quarantined.

The email attachment 202-4120612-9437455[1].exe is infected with the W32.Klez.H@mm virus.
The file was quarantined.

The email attachment Cf.scr is infected with the W32.Klez.H@mm virus.
The file was quarantined.

The email attachment Nzzjp.exe is infected with the W32.Klez.H@mm virus.
The file was quarantined.

The email attachment number.pif is infected with the W32.Klez.H@mm virus.
The file was quarantined.

The email attachment USticker[2].bat is infected with the W32.Klez.H@mm virus.
The file was quarantined.

The file C:\Documents and Settings\Administrator\Local Settings\Temp\NAV33.tmp is infected with the W32.Yaha.F@mm virus.
The file was quarantined.

From these aliases/email addresses:
dew042 [dew042@hotpop.com]
erikmessinger [erikmessinger@hotmail.com]
txsipd [txsipd@tpe.o]
erikmessinger [erikmessinger@hotmail.com]
vhtung [vhtung@juno.com]
txsipd [txsipd@tpe.o]
dew042 [dew042@hotpop.com]
Norton AntiVirus deleted the following email message because it was infected with a virus:
From: Mail Delivery System <MAILER-DAEMON@optonline.net>




Just letting people know before they jump to any conclusions about people on the forums, and also that it pisses me off a bit...and this is off topic.
 

vi edit

Elite Member
Super Moderator
Oct 28, 1999
62,484
8,344
126
1. How can you tell "Anandtech imposters"?
2. They are probably spoofed addresses and the people sending them probably have no clue they are sending them.
3. Klez sucks.
 

BigJ

Lifer
Nov 18, 2001
21,330
1
81
Originally posted by: vi_edit
1. How can you tell "Anandtech imposters"?
2. They are probably spoofed addresses and the people sending them probably have no clue they are sending them.
3. Klez sucks.

Why I'm saying Anandtech imposters is your #2 statement. I know for a fact it's being spoofed from Dew042. Me and him already had several PMs about it and he's virus free, yet I'm still being sent stuff. And another reason why it's imposters is they're using forum-like aliases, and the only forum I'm on with this email address is Anandtech.
 

Harvey

Administrator
Elite Member
Oct 9, 1999
35,057
66
91
KLEZ is a particularly rude virus that masks the true sender's name by going into the infected user's address book and placing various names it finds in the From: line. That means they could have come from anyone you know who has those other AT members' addresses in their address book.

Be careful with this next piece of info --

I received about a dozen KLEZ e-mails from one client. You don't have to open any attachment to be infected by KLEZ. All you have to do is open the e-mail. However, if you are sure you are protected against KLEZ, you may be able to determine the actual source by looking at the complete header. In the ones I got, the Return-Path: line showed the actual sender was a particular machine on my client's system.

I am pretty KLEZ proof. I don't use Outlook or Outlook Express, I've added all the critical updates for my version of Windoze, and I've run the KLEZ removal tool from Symantec. Another trick I've mentioned before, which prevents any VBS viruses and may also work against KLEZ, is to uninstall Windows Scripting Host. Here's a link to step by step instructions for Win 95, 98, 2K and NT with screen shots. The slightly more techie method for other versions is to find the file, WSCRIPT.EXE, and rename it.

I believe XP is the first version that does not have WSH installed by default, and I have been told that the latest service packs for 2K uninstall it. 95% of all Windoze users will never need WSH, and it's as easy to re-install as it is to defeat it if you run across an app that requires it. Better yet, find a different prog that does the same thing without WSH.
 

Woodie

Platinum Member
Mar 27, 2001
2,747
0
0
You're being spammed by a real ATer, who had all those ATers in their Outlook address book, and who's been infected by the Klez virus.

Klez inserts various entries from the infected address-book into the From field, so it appears that the emails are coming from multiple users, when in fact it's just a single user. Sometimes it even inserts the recipient into the From field.
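
The header comparison described in the posts above (From: line versus Return-Path: and the Received: chain), as an added example that is not part of the original thread. It parses a raw message without rendering it; the sample message, its addresses and its host names are constructed, and `triage` is a hypothetical helper name.

```python
import email
from email import policy
from email.utils import parseaddr

# Attachment extensions seen in the quarantine list quoted in this thread.
RISKY_EXTS = (".exe", ".scr", ".pif", ".bat")

# Constructed sample message; every address and host name is made up.
SAMPLE = """\
Return-Path: <infected-pc@client.example>
Received: from infected-pc.client.example (infected-pc.client.example [192.0.2.10])
\tby mx.recipient.example; Mon, 1 Jul 2002 10:00:00 -0400
From: forumfriend <forumfriend@mail.example>
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/octet-stream; name="number.pif"
Content-Disposition: attachment; filename="number.pif"

AAAA
--b1--
"""

def triage(raw):
    """Return header facts that help spot a forged From: line."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    path_addr = parseaddr(str(msg.get("Return-Path", "")))[1].lower()
    received = msg.get_all("Received", [])
    risky = [p.get_filename() for p in msg.walk()
             if (p.get_filename() or "").lower().endswith(RISKY_EXTS)]
    return {
        "from": from_addr,
        "return_path": path_addr,
        "mismatch": bool(path_addr) and from_addr != path_addr,
        # The last Received header is the earliest hop, closest to the sender.
        "first_hop": " ".join(str(received[-1]).split()) if received else None,
        "risky_attachments": risky,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Return-Path is filled in from the SMTP envelope sender, which the sending program also chooses, so a mismatch is a hint rather than proof; the Received: lines stamped by your own mail server are the part of the chain the sender cannot rewrite.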