Hello people,

someone of ADSM-L subscribers from Argentina is having the Klez virus.
Maybe some of you do not know how the virus is working so I would explain
in brief:
virus is distributing itself masquerading as someone from address known to
the victim's mail program. More info can be found on AV programs vendors'
sites (example
http://www.symantec.com/avcenter/venc/data/w32.klez.h AT mm DOT html).
I my case I got a virus with signature as coming from Alex Paschal. Alex
is innocent and has nothing to do with this garbage. And for sure he would
not send to me a mail with so silly subject. So the mail was very
suspicious. I am using Lotus Notes for mail so am immune to viruses
targeting Outlooks but many of you are prospective targets (and might be
even infected).
The person with infected computer is using ISP in Argentina but I am
unable to identify him/her. Since my subscription to the list no-one from
this provider's domain has made posts. I guess he/she is a new member of
our community.
Please fellows from Argentina check your computers - you might be the one
who is having the virus and accidentally sent it to me. Others using
Outlook also can check themselves or contact system administrator/IT
security officer.
Partial details of the offending message are shown below. If any of you
(or your admin) needs additional info - please contact me outside the
list.

Zlatko Krastev
IT Consultant


From:   AlexPaschal <AlexPaschal AT FREIGHTLINER DOT COM>
Subject:        Japanese lass' sexy pictures
Received:       from Rfbgxnueo (host119.200.61.155.ifxnw.com.ar
[200.61.155.119]) by ty.media3.net (8.9.3/8.9.2) with SMTP id KAA12687 for
<acit AT ATTGLOBAL DOT NET>; Wed, 22 May 2002 10:40:33 -0400 (EDT)
Received:       from ty.media3.net ([206.67.50.1]) by prserv.net (in5)
with ESMTP
          id <20020522145421105060h0rre>; Wed, 22 May 2002 14:54:21 +0000
+ file attachment "href.bat" with size 91764 bytes (the virus code)