this may add somelight to the situation....
As a preface for the following information .. I saw this SECURIRTY ALERT post from Ann lastnight and wanted to add some information for those that are also having the same problem. In short I get this information at work in a daily alert email.
---------------------------------------------------------------
Dear Colleagues:
The following article is an excellent summary of the havoc being
caused by the Klez worm.
This malicious software is using social engineering (deception) to
generate confusion and even anger among its victims. The worm sends
e-mail with fake FROM addresses that it picks at random from the
e-mail distribution lists on infected computers. Sometimes it
subcribes victims to e-mail newsletters or other distribution lists.
Because of the misleading FROM and SUBJECT lines, it is not
reasonable to suppose that every infected message indicates that its
apparent sender's computer is infected. Do not get angry at friends
and colleagues who are apparently sending you virus-laden messages;
they probably aren't.
As always,
* Keep your antivirus program up to date, preferably
automatically.
* Unless you have utilities that can let you examine the content
of e-mail attachments safely, don't open such attachments if you are not
expecting them, regardless of the supposed sender or ostensible
subject.
Best wishes,
- -------------Forwarded Message-----------------
RE: Klez: Don't Believe 'From' Line
Klez: Don't Believe 'From' Line
By
2:00 a.m. April 30, 2002 PDT
Some Internet users have recently received an e-mail message from a
dead friend. Others have been subscribed to obscure mailing lists.
Some have lost their Internet access after being accused of spamming,
and still others have received e-mailed pornography from a priest.
They're actually experiencing some of the stranger side effects of
the Klez computer virus.
These ersatz e-mails containing the virus are creating Klez-provoked
arguments and accusations that are now spreading as fast as the worm
itself.
The latest variant of the Klez virus started spreading 10 days ago.
The virus e-mails itself from infected machines using a bogus "From"
address randomly plucked from all e-mail addresses stored on an
infected computer's hard drive or network.
Recipients of the virus-laden e-mails, not understanding that the
"From" information is virtually always phony -- or even that they
have received a virus -- have been clogging networks with angry and
confused e-mails that are causing a great deal of cyber-havoc.
People signing up for newsletters and mailing lists that they never
subscribed to has been a major source of frustration for both users
and the list owners.
If Klez happens to send an e-mail "from" a user to an e-mail list's
automatic subscribe address, the list software assumes the e-mail is
a valid subscription request and begins sending mail to the user.
A mailing list for fans of the Grammy Award-winning Steely Dan band
has posted an explanation directed to those who were subscribed to
the list by the virus.
"We are not infected with the Klez virus. We don't know if you are
infected with the Klez virus. You may be. But even if you are not,
someone out there who is infected has both your address and our
address on their computer ... and therein lies the problem," the
explanation reads, in part.
Even when users understand the source of newsletter-generated
e-mails, the amount of mail some lists generate is causing problems.
"Last week I suddenly started getting hundreds of e-mails, daily,
with information about raising tropical fish, purchasing cosmetics
and staying in youth hostels," Victor Montez, a sales rep for a
publishing firm, said. "I do not keep fish, wear makeup or travel
rough."
Montez now understands the e-mails came from Klez-subscribed news
lists. But he said that since his free e-mail account only stores a
certain amount of messages, he's lost access to the account twice
this week. He believes he's also lost a significant amount of
business-related e-mails.
"If this keeps up, I may end up having to stay in hostels and I'll
have plenty of free time to devote to raising fish," he said.
In some cases, it almost seems as if Klez is specifically targeting
particularly vulnerable e-mail addresses onto which it can piggyback.
E-mails containing an invitation to view what purports to be an
attachment with pornographic images appears at first glance to have
been sent out by Catholic parishes in New York and Maryland. The
attachment actually contains the Klez virus, and tracing information
indicates the e-mails were actually sent from an Internet service
located in the United Arab Emirates.
"While we would obviously never choose to have our churches' names
affiliated with such material, this is a particularly difficult time
to have e-mail with obscene references -- which appear to have been
sent by church staff -- circulating," an archdiocese spokeswoman
said, referring to the worldwide sex abuse scandal.
Other newsletter owners are also suffering. Some say their Internet
service providers have accused them of spamming non-members. Many
ISPs cut service when they receive a certain amount of spam
complaints.
"I was reported to my ISP over a dozen times this week for spamming,"
said Keith Carlone, the manager of an e-mail newsletter for classic
car enthusiasts. "My ISP threatened to pull my account after the
third complaint and we went down shortly afterwards. It took four
days to sort the problem out."
Andrew Fiber, maintainer of a Jewish folk music mailing list, said
that the list has been inundated with messages about widely off-topic
subjects, so much so that Fiber wondered if most of his members had
suddenly gone "meshuga (a little crazy)."
But then Fiber began getting the complaints.
"All of a sudden we had e-mails coming in from around the world, with
people yelling we had sent them Klez," Fiber said. "The thing is that
'Klezmer' is a type of traditional folk music which we often discuss
on the list and sometimes refer to as Klez. So I thought people were
protesting about our folk music. It was very confusing for a while."
Some users have even reported receiving spooky e-mails from deceased
friends.
"I belonged to a tattoo artists' list that closed down a few years
ago. Last week, I began getting e-mails from the list. Even weirder,
I got eight e-mails with subject lines that read 'SOS' and 'Eager to
See You' from a list member who died last year. It totally creeped me
out," said "Bear" Montego.
Klez e-mails' subject lines are randomly chosen from a pre-programmed
list of about 120 possibilities, including "Let's be friends,"
"Japanese lass' sexy pictures," "Meeting Notice," "Hi Honey" and
"SOS."
Klez also sends fake "returned" or "undeliverable" e-mails, advising
the supposed sender that their original, refused e-mail is contained
in the attachment. Clicking on the attachment triggers the virus.
The virus can launch automatically when users click to preview or
read e-mails bearing Klez on systems that have not been patched for a
year-old vulnerability in Internet Explorer, Outlook and Outlook
Express. Klez only affects PCs running Microsoft's Windows operating
system.
As of Monday afternoon, Klez's spread seems to have slowed, but
antiviral experts warn that the worm will be around for a while.
"Anytime you have a virus that is not easily identifiable visually,
it tends to linger," Rod Fewster, Australian representative for
antiviral application NOD32, said. "SirCam and Klez both vary the
subject lines of the e-mails they send, which makes it hard for the
average user to spot."
If you are still reading I just want to add...... take a deep breath ....this too shall pass........ ; )
Donna
The worst part is that it wasn't even my fault. I NEVER, repeat NEVER open attachments unless I am expecting it. But I got this virus from an exploited security hole in Outlook 2000. I went right to MS's web site, and they naturally proclaimed it couldn't possibly be their fault 
Q
