Klez and MyDoom Virus

The Klez virus hit the Internet in Spring of 2002 and created a lot of havoc for mailing list providers. The MyDoom virus struck in Winter of 2004, and followed the same principles. These viruses emails themselves to addresses found in the infected computer.

These addresses are picked at random, and one email address is placed in the To line, while the other email address is placed in the From line.

So if the person owning the infected computer has recently joined a mailing list, that email address may be placed in the To line. A friend or recent correspondent's email address may be placed in the From line.

When that message arrives at most mailing list providers, the address in the From line is automatically added to the list. Even though that person never sent the email.

The Klez virus has it's own SMTP engine and it usually forges the envelope sender address too. This makes it especially difficult to trace the infected computer.