Klez, The Virus that Keeps on Giving
kylus writes "Wired is running a story about the continued escapades of the Klez virus, and the damage--both to finances and reputations--that it is leaving behind. Between emails from a dead friend and porno spam appearing to be sent from a priest, I think "Don't Believe the 'From' Line" is the correct lesson."
God bless microsoft email viruses. I'm on a modem for a few weeks and downloading
countless megs of mail viruses is extremely frusterating. Course I'm still
getting sircams.
So I have something to be thankful to MS for.
May they spend the rest of eternity having to listen to Oral Roberts sermons
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
For the first Evolution virus...
Hrm, I can't think of any practical uses of scripting in emails anyway. Can anyone help me out?
Look in header for RETURN PATH. That's where it came from. Friend at Michigan State was infected...
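An added example for the header-reading advice in this thread (not code from any poster): it compares the displayed From: address with Return-Path and reports the peer recorded by the first mail server you run yourself. The message, host names and the Sendmail/Postfix-style Received layout are constructed assumptions; Return-Path and any Received line not written by your own hosts are supplied by the sender, so the walk stops at the first untrusted hop.

```python
"""Compare the spoofable From: line with the envelope and the relay trail."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample, not a captured message. Received lines are newest first;
# the lowest one was supplied by the sending side and proves nothing.
SAMPLE = """\
Return-Path: <student@campus.example>
Received: from mx.home.example (mx.home.example [192.0.2.10])
    by store.home.example with ESMTP id A1; Mon, 6 May 2002 10:00:02 -0400
Received: from dorm-pc (dialup-17.campus.example [198.51.100.17])
    by mx.home.example with SMTP id B2; Mon, 6 May 2002 10:00:01 -0400
Received: from club.example (club.example [203.0.113.5])
    by relay.club.example with SMTP id C3; Mon, 6 May 2002 09:59:00 -0400
From: "Old Friend" <friend@club.example>
To: reader@home.example
Subject: constructed subject

body
"""

# Hosts we operate ourselves (assumed names); only their Received lines count.
TRUSTED = {"store.home.example", "mx.home.example"}

FROM_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([^\]]+)\]\)")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")


def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()


def handoff(msg, trusted):
    """Return (helo, rdns, ip) logged by the trusted host that accepted the
    mail from outside, or None. Stops at the first line not written by us."""
    found = None
    for line in msg.get_all("Received", []):
        text = str(line)
        by = BY_RE.search(text)
        if not by or by.group(1).lower() not in trusted:
            break  # everything below this point is unverifiable
        peer = FROM_RE.search(text)
        if peer:
            found = peer.groups()
    return found


def triage(raw, trusted=TRUSTED):
    msg = message_from_string(raw, policy=policy.default)
    from_dom = domain(msg["From"])
    env_dom = domain(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "return_path_domain": env_dom,
        "from_matches_return_path": bool(from_dom) and from_dom == env_dom,
        "handoff": handoff(msg, trusted),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```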
Try operating a legit, non-spamming adult site that's worked hard for years to get a decent reputation, only to have klez emails that appear to come from your customer support email address.
People are going to believe a priest when it's explained that it was a virus; nobody is going to believe a legit company that's operating in an industry where so much spam originates.
Argh.
-b
i didn't quite realize it did all this havoc. i just have been getting random crap, but i didn't know it was messing people up this bad. perhaps they'll learn that they aren't using the safest platform. i had been waiting for a virus to come around that did something mildly amusing, not just a proof of concept virus. next we just need one that mails a lot of sensitive data off of computers to people in an address book. especially when a virus scanner is about to be installed
Japanese lass' sexy pictures
That should have been their FIRST tip off the emails were frauds. If they were really from priests they'd be Japanese virgin sexy pictures.
Never confuse volume with power.
frusterated too if I spelled like that all the time.
After getting infected with sircam (My mcafee wasn't updating or scanning properly for some reason) I decided to say screw it, and start scanning email on my server. Now, anything that comes in, gets scanned first. If f-prot can't find anything, then it gets delivered, otherwise it never shows up in my inbox. If you want a look at what I did, check out my scanner.
What were they of, altar boys?
"Hardly used" will not fetch you a better price for your brain.
telnet mail.xyz.com 110
:)
;)
user (username)
pass (password)
list
top (number of message to check) (kb to read)
dele (message to delete)
retr (number of message to read entirely)
quit
Quicker, cheaper, easier. This was one of the best tips I got from a friendly sysadmin.
Of course, I would ask why CmdrTaco didn't check the RFC, but hey, who am I to question slashdot's leader?
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
They infect or have infected 7.2% of all computers. (more than any other virii)
A windows version for cleaning your pc of Klez. (and removes Nimbda, Melissa, etc.)
Looks like we switched to Notes at just the right time.. . :-)
had 300 emails waiting for me, from NAV for exchange when I got into work ....all of em blocking Klez (all from external :) )...what I want to know is why exim (all internet mail goes through an smtp box) accepted em in the first place...it's configured to not accept emails with .exe's
hey ho.
The number of virus alerts I get from my mail gateway has been inundated with Klez for the last week or so. Identifying remote infections was at least possible with Magistr variants, as it only did minor iterative changes to email addresses. Klez lives on an entirely different stratum of nuisance.
"Course I'm still getting sircams"
I've been working for 2.5 years for a company that uses Exchange and Outlook. Most of my friends and colleagues use Outlook or Outlook Express at work and home, although I still use Netscape for personal stuff. I've received 2 email viri ever, and neither of them were the "common" ones like Melissa or SirCam. It leaves me wondering if people are making a big fuss out of nothing, and being a bit sensationalist or simply an anti-Microsoft bigot.
Is it using that one guys' relay? Yeah, that dude on PacBell that won't shut it down?
Anyways, I have nice lists of accounts open everywhere. Mail, news, telnet, ftp, http anonymizer, you name it. I (ahem) collect them. However, I have to rescan them every week cause they tend to be hardened after a bit of free usage.
Trust me, if I wrote an email virus (which I won't), I'd be using multiple protocols and storing executables in dead sectors (ala Pakistani Brain), ftp directories and newsgroups.
Last thing is that I hate the Corporates assigning a value on a virus. 10 billion done by Melissa. OK. Show me the physical harm done to your computers.
Details.
Never confuse volume with power.
Works wonders
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
The worst thing about that virus is that it has massively hit a lot of mailing-lists.
Interesting threads on mailing lists died because of this. People got insulted although they didn't send anything. A lot of people unsubscribed from mailing-lists due to this.
So people installed antivirus software, personal firewalls, etc. The result was that on mailing-list, instead of having tons of viruses, we got tons of "alert: you have sent a virus, it has been removed by our robot", that is as frustrating as the original virus.
Thanks a lot to Microsoft for being responsible for the most annoying viruses so far.
{{.sig}}
That's what I use, it avoids problems with updating and disabled virusscanners. There are several in existence now:
MessageLabs, best known, scans domains (SMTP)
MessageFilter, a new kid on the block also scans domains (SMTP)
vSweeper scans POP3 boxes, it essentially proxies mails.
I'm stuck with Windows but I use the Mozilla Suite (Browser and Mail) and it makes me feel so much better that I don't have to worry about viruses on Windows... A reason for ppl to get Moz?!
"All I can tell the "lesser of two evils" folks is that if they keep voting for evil, they'll keep getting evil."-Lp.org
to use a Mac.
(-1, Raw and Uncut is the only way to read)
The patch that prevents this has been out for over a year now. It's downloadable here. Microsoft included the patch with IE6 and IE5 SP2, so if you have either, you don't need it.
Good dose of blame goes all around here.
I've finally had it: until slashdot gets article moderation, I am not coming back.
For non M$ windows users: "Klez only affects PCs running Microsoft's Windows operating system." He he.
Did corporate cut off the big fat pipe?
We should round up the people that wrote this virus and beat them, but we should also gather the people who did not apply the patch last year. Those people should be taught the preventive measures they should do on their systems. A little bit of preventive action on the users' part and this would be a non-issue.
I/O, I/O, its off to disk I go, with a read and a write, and a bit and a byte, I/O, I/O, I/O, I/O
Yeah, I imagine it must be frusterating. However, I am frustrated with YOUR constant spelling mistakes!
Please excuse me, I'm too tired from grading tons of English Composition papers at my local University.
-Cyc
/.'s 10 Millionth
Klez passed through my work a ways back and ever since then we've all been getting all kinds of spam. From what we can figure, the virus replied to all kinds of spam with the From line set to everybody's email address, including mine. So even though I hardly ever give my email away except for work issues, I'm now inundated with spam. Makes me think that someday some spammer out there will write a virus solely to collect email addresses.
Klez is a pain even if one's ISP blocks infected messages. My mother has dial-up and even though the ISP blocked the messages it sent a notification message to her. The first couple were okay but getting twenty ~100 Kb "warnings" is a waste of time and bandwidth. The sad part is the vulnerability is old. Can't wait for trustworthy computing. ;)
While it probably does not bother the majority of *nix users who can simply hit Delete to solve their worm problems, I've found it pretty easy to filter things like Klez out (and protect any Windows boxen you might have behind a *nix gateway) using Sophos Antivirus for UNIX, Sophie, and Virge. They're fairly easy to install and so long as the virus scanner is kept up to date, they catch anything hostile that comes to your SMTP server.
--Kylus
Idiot-proof something, and Life will build a better Idiot.
www.mailwasher.net
it's easy to use (imports your mail addresses directly from most popular mail clients), scans the mail server and gives warnings on possible virii and spam. As a bonus, it not only lets you delete messages on the server before you download them to your email program, it also lets you send back fake bounces to spammers.
the interface isn't quite as nice as i'd like, but it does the job.
Moral indignation is jealousy with a halo - H. G. Wells
A week or so I start getting all these emails from different mailbox administrators, etc. informing me that emails I was trying to send had invalid addresses.
I'm looking at them and it shows my address in the from area and it was mostly spam for bestiality sites. My wife went ballistic.
I got tons of them back as undeliverable. How many made it through? And now people think I was sending them spam for a porn site.
They were coming back to my wife's WIN98 machine, so she called MS. The help desk chick tells her "Someone else has a virus and it is sending out emails w/your address" So my wife says "What do I do?" and they tell her to update her virus definitions. My wife said, "But you just told me that the virus is not on my computer, someone else has it. Is there nothing that I can do?" the girl says "Well download new virus definitions and check for service packs"
The whole thing was rather humorous.
.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
This is a genius virus attack. It used to be that viruses were altruistic ventures. Now it's DOS attacks for profit.
What a brave new world.
Oh and Microsoft... fix the damn holes already! God! I love being a eudora/telnet user.
I sure hope that code wasn't covered under the DMCA..yer screwed then
Boys pants half off.
If you use the IMAP protocol and set your client to just download the headers, using email over a modem becomes much faster. And since with IMAP, everything is synchronized, you don't have to worry about having to maintain multiple copies of your inbox, and worry about which message is where. (Come on, haven't we all forgotten to check that "leave copy of message on server" box when we use a new pop client?)
If you're worried about maintaining an IMAP server, just use sortonce.com. I've been using them and they're pretty cool. They are reliable, and scan for viruses and spam so you don't have to worry about stuff like this anyway. They are in preview mode right now, so if you sign up, I believe you get a free enhanced (SSL and global authenticated SMTP!) account for a year.
They have a web front end too, at mail.sortonce.com which is pretty nice as well.
~Stephen
Ever since we stopped allowing people to receive executable attachments (thanks to MIMEdefang!), the virii have all but disappeared. There is no need to scan for virii on a mail server. Just get rid of executable attachments (there's a big list of them in MIMEdefang's example configuration). All these trojans use stupid Outlook auto-execute tricks/bugs/features to propagate. Executables shouldn't be sent as a direct attachment anyway. Either wrap it up in a zip file (the recipient has no excuse when he infects himself) or put it up on the ftp site and send a URL. This has got to be one of the basic elements of securing a network where Outlook users lurk - no executable attachments (picture Joan Crawford on a rampage).
MIMEdefang also gives us the ability to call Mail::Spamassassin from a sendmail Milter, something Spamassassin itself does not yet support. The latest version also supports the File::Scan module for writing virus scanners in perl.
Edith Keeler Must Die
http://www.ultrafunk.com/products/popcorn/ is the website for the program.
I have nothing to do with the program or its development, I'm just a happy user.
I use Post Road Mailer for OS/2. I have been infected with 0 viruses (or virii?) since 1990.
Fight Spammers!
I'm on a modem for a few weeks and downloading countless megs of mail viruses is extremely frusterating.
Ever hear of IMAP?
it's not the *physical* harm... it's the freaking man-years of time that is wasted. IT departments are strapped enough as it is, but then lump on top of that all of the time spent chasing crap like this down, and it *is* a strain on resources (bandwidth, server drive space, and the valuable attention it takes to diagnose and resolve a particular problem). The cost is real. Whether it's $10B or not, I have no idea, but it certainly isn't trivial.
No man is an island, but Gary is a city in Indiana.
We got hit by Klez (AMG; allmusic.com). Let me tell you, it SUCKED. This was a really potent virus. It got in through our video department (somebody opened an email...) and from there, it spread through some shared network apps. Within an hour or so, virtually everyone was toasted.
Since this one spread through exe's, and since it was one strain of like 20 different Klez variants, cleaning was a real bitch. Luckily, I'm in programming, so I didn't have to do much of the visit-everyone's-machine thing. I did have to format my box, tho, as all my applications (including system apps) were hosed.
mike feldkamp
I've been getting lots of Klez.
It is Yet Another virus that is grabbing email addresses from browser caches, as far as I can tell.
I have taken new measures to shield my email address from ending up in a browser cache, e.g. setting META no-cache directives.
I love KLEZ.G. I had Trend Micro's evaluation corporate scanner installed for the last month and still got infected by it. I'm now using Sophos which cleans it, but the virus seems to corrupt a DLL upon first use so after installation I go to safe mode and run the scanner with 'DELETE'. KLEZ.G overwrites the exe instead of just 'patching' it so there is no disinfection. Bugger of a virus to deal with, and my office (we're a management company) has infected some of the hotels we manage. Luckily our video stores run DOS and an email program which doesn't allow/use attachments.
McAfee didn't say anything about this virus either, though I'll admit our virus files are from early this year.
I've now set all the outlook express clients to run in restricted security mode now, though, so we likely won't have much more of a problem in the future. Didn't infect Outlook, though, and obviously didn't infect other clients.
-Adam
Webster.com is your friend, Taco.
The professional journalistic practices and editing of Slashdot always cease to amaze me.
/.: why the hell am I here?
I bet these people will be raided very soon by the FBI.
Ergonomica Auctorita Illico!
The virus can launch automatically when users click to preview or read e-mails bearing Klez on systems that have not been patched for a year-old vulnerability in Internet Explorer, Outlook and Outlook Express. Klez only affects PCs running Microsoft's Windows operating system.
They should say it only INFECTS people running Windows. If it's stealing their address books, which may include my email address (mail server and client both linux based) and signs me up for the tattoo artists' youth hostel fish care mailing list, that certainly affects me. Sorry for the rant, just pisses me off that even though I can't get infected by all these M$TDs (Microsoft Transmitted Diseases), they still find a way to clobber me...
We don't have a state-run media we have a media-run state.
MIMEDefang
stopped Klez cold at my clients' sites.
"I'm on a modem for a few weeks and downloading countless megs of mail viruses is extremely frusterating"
...but to some it's not as bad because on broadband internet connections downloading mail is fairly speedy.
telnet to the pop3 server directly, delete messages you think to be spam, log off -> send & receive...
dmarien
Just when you thought amavis was the cure for the odd little virus the odd little user would pass along, here comes Klez.H. Our helpdesk account receives 200+ "WARNING VIRUS IN MAIL ADDRESSED TO YOU" from amavisd. Yesterday, as I am on the security bitch list, I get a call from a "Senior Security Admin" for the Naval Intelligence Service (is there such a thing???). He was complaining that their sensitive e-mail accounts were getting hundreds of e-mails from foobar.edu e-mail addresses and that we need to put a stop to it. Take clue-by-four from scabbard. Take aim. Beat. This cat didn't even know what the Klez virus is and claims to be a security maven for the military. WTFE. After he yelled at me for lecturing him on how to read e-mail headers, he asked me what the solution was. Simple: ban the use of Outlook. Huff. Huff. Huff. "We can't do that! We have a contract with Microsoft."
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
On my mail server I disallow dangerous attachments.
It's quite simple to do in sendmail. There are several approaches but the one I use was outlined by J. Hardin using procmail. See his page at:
http://www.impsec.org/email-tools/procmail-security.html
After I disallowed *.exe, *.pif, *bat, etc at the server problems vanished. No longer do I have to worry did I update the def's in the last 30 seconds and does Norton even have a def for it yet. Yep, THIS is the way to do it.
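An added example for the gateway approach described in the MIMEdefang comment and the procmail comment above (not MIMEdefang's or Hardin's code): it rejects mail by declared attachment extension and quarantines mail whose MIME structure does not parse cleanly, since a broken MIME header can hide an attachment from a scanner. The messages are constructed, and every extension beyond *.exe, *.pif and *.bat is an illustrative assumption.

```python
"""Gateway attachment policy: block by extension, fail closed on broken MIME."""
import os
from email import message_from_bytes, policy
from email.utils import collapse_rfc2231_value

# .exe, .pif and .bat are named in the thread; the rest of this set is an
# illustrative assumption, not MIMEdefang's or Hardin's actual list.
BLOCKED_EXT = {".exe", ".pif", ".bat", ".scr", ".com", ".vbs", ".cmd", ".lnk"}

# Constructed messages, not captured traffic.
CLEAN = (b"MIME-Version: 1.0\nContent-Type: text/plain\n\nhello\n")
DOUBLE_EXT = (
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="b1"\n\n'
    b"--b1\nContent-Type: text/plain\n\nsee attached\n"
    b'--b1\nContent-Type: image/jpeg; name="photo.jpg"\n'
    b'Content-Disposition: attachment; filename="photo.jpg.exe"\n'
    b"Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)
# Declared boundary never appears, so the parser sees no parts at all.
BROKEN = (
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="b1"\n\n'
    b'--wrong\nContent-Type: application/octet-stream; name="setup.exe"\n\n'
    b"AAAA\n--wrong--\n"
)


def declared_names(part):
    """Every filename a part declares; clients differ on which one they use."""
    names = []
    for header, param in (("content-disposition", "filename"),
                          ("content-type", "name")):
        value = part.get_param(param, header=header)
        if value:
            names.append(collapse_rfc2231_value(value))
    return names


def blocked(name):
    """True if the final extension is on the block list."""
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as a.exe.
    cleaned = name.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1] in BLOCKED_EXT


def evaluate(raw):
    """Return (verdict, reasons): 'accept', 'quarantine' or 'reject'."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdict, reasons = "accept", []
    for part in msg.walk():
        # Parser defects mean the structure we inspect may not be the
        # structure a mail client reconstructs, so do not deliver blindly.
        for defect in part.defects:
            reasons.append("malformed MIME: " + type(defect).__name__)
            verdict = "quarantine"
    for part in msg.walk():
        for name in declared_names(part):
            if blocked(name):
                reasons.append("blocked attachment: " + name)
                verdict = "reject"
    return verdict, reasons


if __name__ == "__main__":
    for label, raw in (("clean", CLEAN), ("double extension", DOUBLE_EXT),
                       ("broken MIME", BROKEN)):
        print(label, evaluate(raw))
```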
The plural of virus is neither viri nor virii, nor even vira nor virora. It is quite simply viruses, irrespective of context. Here's why.
Just wondering why we should trust you...
(I'm posting anonymously to keep myself out of trouble...)
Yes, network admins can protect their network with some brand name antivirus software. But I still believe the main line of defense still lies in educating the users. You can protect your network from email virus, but users can still bring in virus using floppies. I have engineers who love to click on anything they see. Even if it has a dead give away virus email header. These people don't care. If the network is down, great that's the network admin's problem. They don't realize what the cause is to the company.
I recommend that companies should set up strong disciplinary actions for those users. Their behavior not only shows their irresponsibilities toward network usage, but also displays traits of bad professionalism in handling other work related projects.
Dress her up like a choir boy!
Infuriate left and right
Over all, we've identified over 15,000 virus infected e-mails on an average traffic of 11,500 per day. This doesn't count the 70 or so mutations that our scanner did not catch in a two day period. Turned out the broken mime header prevented effective scanning of the attachment.
Can I send the bill for 14 techs to MicroCrap for this?
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
Are there any other internet email protocols out there that solve the spam problem that have any kind of chance of gaining popularity?
He who knows not and knows he knows not is a wise man. He who knows not and knows not he knows not is a fool.
We just finished replacing GroupWise 5.5 with Exchange 2000 at work (Fortune 1000 global company) 3 weeks ago. We run Norton AV Corporate (push down new defs the minute they come out). We are running Win2k 75%, Win95 25%. All Win2k machines are SP2 and Feb 2002 security update. We haven't seen *1* instance of this lovely virus as the desktop. Actually, we haven't seen an email virus strike yet (crossing fingers). Hire good people, you get good results. Jason
Ever feel like you are driving the getaway car?
is for the World to begin the arduous and expensive task of removing Microsoft software from their computers.
The first step is to eliminate Outlook for e-mail. There are other options, even Emacs, that really aren't too user unfriendly.
The second step is to eliminate Office for shared documents. There are other options, perhaps Open Office, that will be less prone to viruses and will be more maintainable over time.
The third step is to begin evaluating other operating systems besides Windows. This is harder, because it will be difficult to replace all the software that was useful in Windows. Over time, however, a fairly comprehensive list can be developed, and a plan can be made to make the switch to a non-Windows OS.
The fourth step is to take the plunge and dump Windows entirely. This may be the hardest step, because this is where the most learning needs to take place. But it is just a matter of time before users adapt to the new environment.
This is what I have been doing at home and know it isn't easy to make a full transition. However, I have found adequate replacements for nearly everything and am pretty satisfied with the results.
This doesn't have to be an all-Free-all-the-time solution, either, because there really is a way to mix open and closed software to meet your needs. It just takes research, time, and patience to find that Microsoft really doesn't rule the world at all--they just want us to think they do.
Healthcare article at Kuro5hin
...but luckily we aren't affected since our Exchange server has quarantined each email with said virii.
And for more redundancy, I'm also not affected at home - because I don't use OUTLOOK! I love Win2K, the .NET Framework, C#, WinCE, and my XBox. But who in the world would use such a POORLY DESIGNED email client at home? I've never been convinced about the whole "IE should be removed from Windows" nonsense, but I think that outlook should be considered a TROJAN and removed by virus programs.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
On one hand it's a shame that the virus flooded his mailboxes... but if he's using a free email account to conduct business then, well, he should know better. It's not like email accounts are all that expensive.
mark
If you want to make an apple pie from scratch, you must first create the universe. -- Carl Sagan
I'm on a modem for a few weeks and downloading countless megs of mail viruses is extremely frusterating.
This is a huge pet peeve of mine that I would not expect slashdot editors to fall victim to. If you are on a modem now for a few weeks, then what are you on normally!? Aren't they called CABLE MODEMS or DSL MODEMS? Chances are that you still use some sort of modem to connect to the Internet, unless you have a special high speed line direct to your house. I hate when people associate "modem" with slow, just say "dial-up" damn it!
For work I communicate with a large number of Pakistani, Indian, and Middle Eastern students and student wanna-be types. I get flooded with whatever virus is current...
The person who wrote this spent some time thinking of the way to do the most damage. This virus nails you to the wall the instant it infects someone who just has your email address. That was some vicious thinking. The problems caused by this virus actually extend into social engineering. Pure genius.
Makes you wonder what else they'll come up with...
Maybe someday we'll have security, and patch this sort of thing...
Hell is being intelligent in a world full of idiots.
spoofing means that Klez could just as well appear to have come from president@whitehouse.gov (an email address that has never actually sent anything, AFAIK) if one person who installed the virus had that email address in OutLook (LookOut).
me
I've never had a virus, I have been clicking away at a console for over 20 years, I have owned a personal computer since 1978. I have never had a virus on my computer, knock on wood. It is I must say probably a combination of sheer dumb luck and the fact that I don't click on emails that say BRITTANYNAKEDPICS.EXE.....But so be it I am lucky.
That said my mom was in the same boat, the lan at her store has now 8 nodes and is pretty killer for a rare bookshop. Last Saturday I get a call, half afraid to tell me what's going on, the line is slow, this that the other come down and look. Frigging virus variants running amok. I can say my Aunt felt bad it was her and she knew it. Being a family diplomat in the brady bunch land family I live in, all I could say was "No, it's my fault for not keeping the AV server updated" then I realized the crap I just said so she wouldn't feel bad was true. They are firewalled to hell and back. They have AV clients on all the systems, and still they got nailed, why? Human error. Not hers, mine.
It was nothing to clean and had just started the night before. But we're talking a catalog of 250000 volumes at risk totaling over 4000 man hours of entry to create. Whew.....I lucked out, it wasn't corrupted (the most recent backup was 1 week ago) but they are spending over 150 hours per week cataloging all the volumes they have. It's tedious work all hand research and grading. Not like a first edition signed copy of "Steal this Book" is something that has an ISBN. (They actually put one on their front shelf, I said, hmm a 500$ book that says steal me on it, they walked over and grabbed it putting it in a safer location)
All this work could have been EASILY lost, but there was a recent backup and 2 the damage was minimal at the point I snagged it. The potential for disaster here was big. Until last week I would laugh when someone got a virus doing untold damage. I think this one hit a little closer to home, I am the protector and architect of their IT environment. Basically if it happens on your systems or systems you take care of it's your fault one way or another, it's your fault.
Sig went tro...aahemmm.....fishing........
The real problem is that Klez is emailing itself from an infected machine to a flood of people using your and my email address in the From: line. Not only does this cause a ton of people to respond to you and me saying "you must have a virus" or thinking that we really think that this penis enlargement solution works (or that we need one) -- but, it distributes your email address to others who may potentially get infected themselves, who may in turn infect others. Next thing you know, your email address that you've been so diligent about keeping somewhat private is inundated with spam and viruses.
I've used a ZX81 since 1982 and have never been infected by any virus.
Use of an obscure OS is not really a legitimate excuse.
1. The hole's been fixed for a long time, you're just another slashdot-kneejerk reaction to something you don't know about and doesn't affect you.
2. If you're worried about security, don't use telnet like a jackass....
Thank you.
Sig: What Happened To The Censorware Project (censorware.org)
I got infected by the Klez virus at least 15 years ago. I heard tapes of the Klezmer Conservatory Band, the Klezmatics, Brave Old World, and reissues of Dave Tarras recordings from the 20's and 30's. Believe me, it just gets worse. Last Saturday (after sunset), I was at a klez jam, about two dozen people playing clarinets, fiddles, accordions, etc., and it lasted well past midnight.
Makes it difficult to get up in the morning and go to church, I'll tell ya.
Haven't confessed it to any priest yet, though. I'm not sure I'd trust the priests here in the Boston area with such information.
There doesn't seem to be a cure, either. I don't know anyone who caught this one who ever got over it.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Call me lucky, but the last time my inbox received an e-mail virus was in 1999 (guess which virus it was. . . . Happy99, heh).
I believe it stems from not having complete idiots having me in their address books.
Smart friends == no virus' in email.
Hey, just out of question, what plurality of Virus are we supposed to use this week? Last time I was flamed for using virii, and I see flames over viri and virus' as well. This is getting waaay too annoying, it was so that awhile back pretty much everybody had agreed on virii (may not be historically proper but at least it ended the debate) but I want to know what {censored} started the debate back up again?
Need help treating your acne? Come here!
worm authors used perfect english! man they would spread like wildfire... mail with malicious attachments is getting so damn easy to spot due to the broken grammar.
dmarien
Although I don't run Windows (and as far as I've found out the virus doesn't infect anything else) I'm sure as hell *affected* by this massive spread.
I get 10 - 20 infected messages a day, which in fact makes my mail less valuable. It is a big problem for me, and potentially for everyone using email.
I use the biggest ISP in Sweden (Telia) and if they can't protect their users, I don't know who can. Maybe the ISPs (or some of them, anyway) just don't care?
Klez was very slow to spread at the beginning. Even if for some odd reason someone STILL doesn't block dangerous attachment types, they should have updated their AV software by now. I mean, they all do it automatically. If you aren't blocking attachments and running a GOOD anti-virus software (I recommend Antigen for Exchange) you better get that resume ready.
It was properly tested.
a bug is in RAID, MS's bug database.
I put it there myself.
they didn't seem to think that it was a big issue.
I no longer work at MS.
oh well...
That's odd, Mutt doesn't download email over my connection. What email program is Taco using?
Klez met pine for a little while till pacbell started filtering. I did look at all the jpg's I got sent... sadly nothing good. *sigh*. As outlook becomes more infested with exploitable features, little old pine just motors along completely unaware that active email actually exists...
uhhh. was that not a brag ? :) *snigger*
I use /etc/procmailrc to keep unwanted email from ever being delivered. I usually catch several virii every week, but klez made it past. I thought I had a pretty good procmailrc going on, but it didn't catch this one.
Anyone care to share a procmailrc entry that catches the Klez worm?
Thanks in advance.
In the course of every project, it will become necessary to shoot the scientists and begin production.
It's a description of badtrans not klez.
I've been getting the weirdest little pictures from this latest virus. I dunno if they are swiped from someone's drive or part of the virus itself.
Running 100% MS software, off-the-shelf NAV, and good ol' 56k dial-up. ...No Klez, Nimda, Melissa, or any other damn virus... The trick? Very picky about who gets my email address, don't register for anything online, and am very particular about what software/files I download from the 'net. I am reading about you guys who are getting clobbered with multiples of thousands of hits and don't understand how you can live like that. Sorry to put the damper on the anti-MS guys, but that isn't the problem here; the users who don't update their virus sigs, don't pay attention to their email clients (what do you mean I have sent a bajillion messages?), and don't understand what the hell they are doing online to begin with (don't even get me started on opening attachments). This makes for great sensationalized news (OH MY GOD, ANOTHER VIRUS), but for true users, it is not news. Yeah, I am going to get modded to death here, but sick of the bitchin' and whinin' about viruses -- it is a price you pay to play.
...we are from the government - we are here to help...
We've actually chosen to stick with GroupWise 6 for this very reason.
If he's too cheap to spend $20/month for a real email account for his business, I have little sympathy.
Imagine if enron got infected with one of these worms?
-- If you try to fail and succeed, which have you done? - Uli's moose
Perhaps he misspelled the genitive singular of the Latin word "virus". An easy mistake to make, especially for slahsdot users who commonly mispell things.
Sounds like you need to speak to your mother's ISP and get things straightened out. If the messages are being filtered then they shouldn't be adding to her quota.
>Executables shouldn't be sent as a direct attachment anyway
Why not? email is a great way to distribute all sorts of binary files; send it off and forget it. No waiting for slow HTTP downloads.
Email programs that auto-execute received mail are broken! And users should not execute anything without knowing the sender. (And MS shouldn't disguise that clicking on something that looks like a JPEG is actually going to launch the program!) And why should I have to manually compress files before sending? Computers are supposed to make my life easier.
I've many viruses sent to me.
99% of them lately have been from the FreeS/WAN mailing list (and 100% stopped by my mail server with virus scanning).
You'd think people involved in/interested in Linux ipsec/VPN (and I assume security), would:
1) Use an appropriate OS/mailer.
2) If for some reason they had to use windows, use a decent mailer.
3) If for some reason they had to use Outlook would secure it properly.
4) Would have antivirus measures installed.
Ok, I know that many worms have been propagated through MS LookOut, etc, through the years, and I've been on the sysadmin end of shutting them down and cleaning them up. But, you can't blame MS quite so much for this one. For one thing, the vulnerability has been patched for an entire year, so anybody who is still vulnerable isn't really trying at all to stop it. For another thing, the security settings in Outlook XP (and I think 2K, IIRC) are much stricter by default. I've actually opened these klez emails, but Outlook won't display them. It says something about having HTML that it won't display, or something to that effect. It also won't do .exes, .mdbs, etc without a registry modification, which has annoyed me on occasion, but is doubtless much safer than the previous way of doing things.
Let the flames begin.
I see in one Wired article that folks worry what sort of message that Klez sends about them. I don't know about them in particular (since the From line is spoofed) but Klez tells me that there are still a lot of stupid people using Microsoft mail programs!
> Computers are supposed to make my life easier
Wrong, my friend. Computers are supposed to make Bill Gates richer. Otherwise, he wouldn't have made Outlook so ad-friendly.
Personally, I'd find pornographic email coming from a priest funny even if there was no church coverup. In fact, I didn't even -think- of the whole child molestation until the above post mentioning it.
As far as your analogy goes, comparing it to a bad racial joke is inappropriate. Comparing it to a Democrat sending a "Vote republican!" might be more comparative.
...they'd be pictures of 8-year-old boys.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
IMAP would allow to get all the email, minus the attachments. You can pick which attachments you want. People, read the IMAP spec. It offers so much that ppl don't take advantage of.
According to M$, if you use
IE 5.5 Service Pack 2 or IE 6, the MS01-027 patch is included.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
Congrats on your sleuthy detection and exposition of the karma whores in our midst. May Allah grant you eternal bliss and seks with lots of Elle MacPhearson clones.
mje0w!!!1!
I'm using evolution as my mail client. I can't seem to come up with a clever filter that will remove the Klez emails I receive.
I guess it's just more of an annoyance, but if anyone knows of a good regex filter that I could use, it would be great!
Agreed. I hate to get negative karma, but this guy needs modded up for this reply!
Murphy was an optimist.
You can do most of this with a nice IMAP client.
I'll second the recommendation for The Bat. It rocks, and I gladly paid the registration fee.
See ZoneAlarm Pro at ZoneLabs.com. That program (Windows only) has a feature whereby it renames files with extensions executable in Windows. Go to Security settings/Advanced/MailSafe. The executable extensions are listed there. I believe there is a trial version available.
Question: How did it happen that Microsoft Windows has 33 executable extensions?
[...] But most likely other e-mail programs like Eudora are not designed to enable virus replication. [...]
(In desperate search for a cool
Many ATMs and cash registers run OS/2, but you don't hear about it because there is no problem.
Fight Spammers!
and porno spam appearing to be sent from a priest, I think "Don't Believe the 'From' Line" is the correct lesson
Unless he's a Catholic priest, that is.
I pledge allegiance to the flag...
of the Corporate States of America...
I think there may be a variant on Klez right now floating around and it is hilarious. I got the first this morning and have gotten several since.
The email said: Attached is the patch to prevent the Klez virus. Because it is a virus patch, it will appear to be a virus to all virus scanners. Go ahead and run the executable to protect yourself forever from the Klez virus. The attachment WAS the Klez virus, or something very close. I didn't poke around to find out; as I am practically a techno-not in that department, but it left me wondering.
I found myself thinking "My poor mom. She would actually fall for that. Oh my gosh! The guys at the office are going to fall for that." And then I had to race around and make sure nobody was being stupid.
Liora
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
Except it was posted by an AC which leads me to believe that maybe it was a Troll.
I am infected with the KLEZ virus and I really don't know how I got it.
I have a new computer running windows XP and IE 6.0. I use a very old Eudora 3.11 for my e-mail. I received the KLEZ virus as an attachment, and as usual, I didn't open it but rather deleted it right away. And yet somehow, I still got infected (I am also running up to date antivirus software).
This is the second virus I've ever been infected with (in 5 years of having a PC, 4.5 years with no antivirus software) so I have some clue about what to open and what not to.
Does anyone have any idea how the virus got on my system? And how to get rid of it? I've downloaded the scanning programs which find nothing, checked the registry and searched for the common virus files but still nothing but I still get e-mail replies about the virus (ie, autoreply I'm on vacation or that the server has detected a virus and did not send the message)(and no, the virus is not attached).
....are now going to add half the world to their mailing lists claiming that the klez virus subscribed them on their behalf and the spammers are helpless ?
Just getting paranoid after all that yahoo-has-a-bug-so-added-everyone-in-every-mailing-list incident. This is an excellent reason to wake up and propose a law that forces the spammers to make sure that somebody really *wants* to get on their mailing list.
Considering the hotfix that fixes this problem has been on Windows Update since March of 2001, you can blame the morons who don't check Windows Update often. And can Slashdot turn down the "I hate Microsoft" dial a bit? Having it at 11 all of the time just isn't healthy.
Not All Who Wander Are Lost
It's a frigging troll. The information given is not about Klez!
"And like that
Maybe we need a new email server/client system? One that only allows authenticated/verified emails to be sent/received. Maybe we could expand it to ip telephony to get rid of all those telemarketers!
.....Any of the posts today at slashdot. They are all either from dead slashdot readers or are from priests! I checked them all out!!!!!!
What they are blaming is that the entire church as an organization tried to cover this up in a way that perpetuated the problem. The organization deserves all the ridicule and disgust they're getting for that.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
not to use window$. Linux is faster, smarter, and superior than M$'$ attempt at an OS.
If we all used linux instead of m$ products like windoze and X-Bucks, there would be no stupid virii like this one. This is just another example of a micro$oft gaping security hole
Micro$oft $ecurity $ucks. The programmers at micro$oft can't program for beans.
You aren't getting any virii because the Win2k exchange server has crashed. It's not delivering any mail.
So I get this call at 7 this morning (pissed me off because I don't have class till 4 pm) guess what. A family member has this virus because her company didn't bother updating the Microsoft products and she has auto-preview on, even though I've told them not to do that. They thought they were protected because the company scans all e-mails for viruses throughout the network.
What's the lesson to be learned? Even if your company has the best virus software, it's always 2 steps behind the viruses. Update your ie and outlook already, I mean the process takes about 15 minutes and two restarts on a fast connection. And don't call before noon on Tuesdays! I like my sleep!
=================
Unix is very user friendly, it's just picky about who its friends are.
i am green with the procmail recipes, but from what i understand from looking yesterday, procmail can't look at mime attachments? how come?
there's really no good way to filter this in the body or headers, due to the randomness, correct?
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
I agree that Windows platforms are vulnerable due to the ubiquity of the OS and applications. However, I guarantee there's an exploit or twenty hidden in your Mac configuration.
Even mutt had a nice exploit a few months back, in the email address parsing! Not much an attachment-blocking scheme can do about that. I must have missed the Slashdot story regarding this :) (and I'm sure someone will followup with a link to the story if I did)
Just make sure you keep up with patches for whatever computer software you choose to run.
Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me.
No, no questions - lol.
It had a nice executable with the worm attached, too. :)
Dammit, it's true. I'm so upset I can't get logged on. Rob was killed in a car crash just minutes ago. I wonder if I should just shut down the site .
michael
He's on a modem? Jesus. I pity the poor bastard.
I know that was supposed to be a joke, but I'm afraid it's not funny.
Um.....No.
This is the W32/Badtrans-B virus. You can find out about it here.
We are actually talking about the different variants of the W32.Klez.gen@mm virus.
If you are really an "engineer" at a small security firm, you might want to try looking at the correct virus next time.
is to see how many idiots waste their mod points modding me into the darkest pits of hell for vaguely humorous comments, rather than modding UP a worthwhile post that people might want to read. I just enjoy watching people act like idiots.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
To prevent getting hit with a virus I use the web interface my IP offers to check my mail BEFORE I download it. Since the interface doesn't allow me to launch any exe files and barely allows me to see attachments, I can see what is in the mailbox before downloading it to my home PC.
Since it also allows me to delete mail without opening it, I can 99% of the time kill the spam or suspected mail before any infected mail even gets near me. Because of this, the only thing I have left to do is make sure my anti-viral software is up-to-date, and scan anything I get with an attachment. So far, one virus since 95, and the one I did get was caught before doing any damage by my software. The simple solution is to stay awake and do everything you can think of to scan your mail before "bringing it home."
-Goran
Carpe Scrotum - The only way to deal with your competition.
I got tired of dealing with my users' virus problems a long time ago. So I wrote batemail. It's a Perl script that you slip between your MTA (e.g. Sendmail) and your local mailer (e.g. Procmail) that filters out ALL executable attachments.
I've been using it in my production environment for over a year now and it works like a charm. And it's open source, too!
at NiftyGiantISP where I work, it doubled the traffic inbound and outbound during peak. it's pretti nasti...
filtering all mail traffic thru a set of IDSes seems to be saving the server farms, tho.
I've been using computers since I was seven (18 now) and I've been online since I was eleven. Even back when I thought typing 'win' at the DOS prompt was a password, I never got a single virus. Where does everyone find them? I want one!
Question
http://www.ironfroggy.com/
Let's say some engineer at GM thinks "Hey I want to make changing the oil in the car as easy as possible so I'm going to put a button on the dash that opens the valve and dump the oil in a nice neat container".
Neat idea...except when you are driving down the highway at 80 MPH and someone hits the "OIL" button and dumps your oil out of the engine.
What is boggling is that Microsoft designs in features just like the "Oil" button and then tries to play blameless. "Well obviously you aren't supposed to script e-mail that way". That is interesting logic but that doesn't fly for real world engineering. "Intended use" and "capabilities" where one is clearly more important than the other. Microsoft can not place "Oil" buttons in their software and think they will only be used as intended.
The core problem is that Microsoft continues to write applications, and worse, data formats that break a cardinal rule: programs run data not the other way around.
Another thought to think of: Read the license on the software. Almost any software makes a "No Warranty" claim on their stuff. If installing the software and using it corrupts data, causes natural disasters, makes your machine blow up, you can not blame nor are MS, Linus, etc. liable for fixing it, replacing it, etc. You use the software and you are on your own. This falls squarely under that.
Of course this absolves MS of blame but then again, why again do PHB think that MS software is great?
All slashdot users should have a huge gathering in New York, so that we can get to know each other better.
I'm questioning whether Microsoft fixed this bug at all. I really am.
Okay, I'm familiar with the bug which Klez and others supposedly exploit, and its fix (supposedly IE 5.5 SP1 or greater) but the fix does not seem to do a darned thing. I've installed every service pack for IE under the sun, and still no good.
On computers that I've installed IE 5.5 SP2 on plus all the other recommended patches, they still have the vulnerability. I've seen users with 5.5sp2 just click on (not open) an email and it automagically loads the virus du jour. Fortunately, McAfee stops it before doing any damage, but it still irks me.
I've installed all the fixes suggested by hfnetchk and/or "WindowsUpdate"... and I'm at a loss. This vulnerability seems to be pretty ubiquitous across all of our NT4 and Win2k machines, which all have IE5.5sp2. Is there anyone else out there that is having similar problems?
Ceci n'est pas une pipe.
> I'm afraid that the original poster is correct, the only place you'll find an adult site's reputation being seen as good is at their colocation (bling bling) and a pedophile convention.
Why would pedophiles care about an adult site?
Virg
Having said that, I know the problem is common for others. I have worked as an admin/infosec type for a large US Government agency installation and seen email virii (yes, I know it's "viruses", but that word is so... ungainly) cause a lot of trouble. And I have seen the same issues hit a major tech company I worked for too. Sure, these organizations are able to control the damage. But there is an initial reaction period that is uncomfortable and a long period where the infected traffic continues to hit the organization (albeit ineffectively).
But this traffic does not just hit large organizations. I have a small business client who seems to be a magnet for MS email virii and trojans. I suspect it has to do with his clientele who in turn tend to be less computer literate and therefore excellent virus vectors with his email addresses / site URLs waiting in their mail boxes and web cache.
Why not? email is a great way to distribute all sorts of binary files; send it off and forget it. No waiting for slow HTTP downloads.
No, just a slow POP3 download.
And why should I have to manually compress files before sending? Computers are supposed to make my life easier.
No they are not. They are supposed to support the stock price. Silly boy. Go sit in the corner!
Just think - if computers actually DID make your life easier, you'd never want or need to buy another one. That kind of short-sighted business model may have flown in early 2000, but this is 2002. The bubble has burst, it's time for real business.
Edith Keeler Must Die
Since I haven't used Windows in eons, someone please remind me what a Virus is. From what I remember, a computer virus should REALLY be called A Microsoft virus.
If you're not a Liberal in your 20's, then you have no heart. If you're still a Liberal in your 30's you have no brain.
I got 3 letters on saturday, all appeared to be "Returned Mail: User Unknown" messages, even though I've never sent any mail to any of the supposed people (one was a k-12 institution address.. I know FOR SURE I've never sent to that). I use MacOSX with Apple's Mail program, so I didn't get infected. I did pass on the letters to my ISP's e-mail abuse address (I did not know what Klez was at the time) and they informed me yesterday of what it was. This is the first virus that has been passed to me (AFAIK), and I've never been so happy to be M$ free as I am after seeing all the stories pop-up about this virus on The Register, CNN, and now /.. I've never had a virus on my computer, and with any luck, it'll stay that way!
today is spelling optional day.
top <message_num> <lines_of_body_to_display>
From RFC1939
TOP msg n
Arguments:
a message-number (required) which may NOT refer to to a
message marked as deleted, and a non-negative number
of lines (required)
MOD THE CHILD UP!
Well, I'm sure calling the ISP could help but it's not *that* big of a deal. She has a bandwidth quota but she never gets near to hitting it, unlike me. The bigger problem is folks who don't know enough to patch their systems and stay du jour with A/V solutions.
Whats the point of karma whoring with a troll if you do it as an AC? *sigh* What is this world coming to?
mje0w!!!1!
...for having a brain. :)
/.: why the hell am I here?
Are you sure you don't mean "persecuted"? Still, the parent post was a joke, and jokes often lampoon groups of people for humor. Whether it was tacky or not really depends on the listener.
Also, where did "science-worshipping" come in? How are you to know that the post wasn't written by a Catholic, or even a priest with a wry sense of humor?
Because you toss around baseless accusations while decrying baseless accusations in others, you shouldn't be modded as a troll. The problem is that "-1, Hypocrite" is not available, and so that's the best choice in the list.
Virg
No Outlook, no MSIE, no scripting vulnerabilities, no problem!
May we never see th
Comment removed based on user account deletion
We did not get infected, did not see the virus within our system. Yet how many man hours did we waste fighting this virus?
Couple man hours ensuring virus sigs up to date on all servers, distributed to all desktops.
Couple hours researching the virus. A few hours checking out the sandbox to see what the virus is doing. An hour writing a report and sending a summary to users. Several hours answering users questions.
Then the virus starts spreading. Yes, we know the virus forges the sender's address, but every bounceback and claim of viruses originating from here were checked (due diligence). Dozens of man hours spent scanning machines we knew were clean. Spent checking email logs to ensure the original message never actually passed through our email server.
More hours spent answering calls about users who are now getting bombarded with the virus emails, who don't yet understand that "virus stripped" means it's clean and can simply be deleted.
How many man hours is that? Close to 100 hours by my estimate; $5000 wasted on this... and we weren't even infected. No system downtime. No lost files. No (major) interruption of resources to users. Just me and four other techs taking time out of our regular schedules to fight this.
I don't have any idea how much it would cost, in terms of man hours alone, if we were to get infected. I'd hate to find out.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
...all I get is a little 2KB-3KB email. No attachment, no virus.
Attempting to view the email just gives me "This message contains script, which Outlook cannot render" and a blank message window.
Oh, BTW, I'm using Outlook 2002 configured to view all HTML emails as if they were in the "Restricted Sites" zone, so I'm not sure how that would affect things.
And I know for a fact that I'm not infected (have run NAV Corporate numerous times, and have checked for the 'Klez' registry keys and filenames and found nothing).
I'm rather curious why I seem to be getting nothing but duds. Could Outlook possibly be protecting me from Klez?
* Q
P.S. If you don't get this note, let me know and I'll write you another.
It's viruses, god damn it! I can't even read your fucking message because you use the non-word "virii" every two sentences and it drives me crazy!
Dear Supreme Commander Taco,
I believe that you suffer from the "I know the wrong people, or the wrong people know me" syndrome.
I strongly suggest you hide in a cave.
Best regards,
Ugh
All in all it works pretty good, we don't have Klez, we get a ton of it but it is all filtered at the server. Personally I think that someone who ends up sending everyone in their contact list is going to suffer a bit of a hit to their professional reputation. Over the past week or so several people in the company have been getting "you sent me a virus" messages. No we didn't! I've been over the whole company with a fine toothed comb, we don't have this thing.
The fake email headers are really this virus' claim to fame. What a freaking disaster.
And Klez adds the final touch to debunking Microsoft's claim that Windows software boosts office productivity.
Is it just coincidence that PC sales have slowed dramatically? What is the cost of that?!
McAfee VirusScan for linux...$30
amavis scanner...............$ 0
not hearing CmdrTaco whine...priceless
The problem with bad priests is the same as the problem with bad cops: it's very unlikely that one can be abusive without others being aware of it. So perhaps it's only a small percentage of priests who molest children. But the fact that many more knew about it, and kept silent, even when these molesters were put back in the charge of children, is equally damning.
Also, tell me, where are your statistics for "hundreds" of priests being "wrongfully prosecuted?" I read of people flocking to churches to support those priests who have not been accused. And being the butt of jokes is a small price to pay, and the cost of doing business, when you sign up for an organization as powerful, arrogant, and insular as the Church.
"Hardly used" will not fetch you a better price for your brain.
The plural of 'virus' is 'viruses'. Cut out the pseudo-intellectual shit.
I've obsessively watched my parents' email accounts ever since my dad asked me why Teenage Girls Want To Show Him What They Do In Locker Rooms.
In the past 2 years, I think I've gone through about 30 email accounts for them. Without exception, they receive little to no spam, even if the account is frequently used (so random address generator bots aren't THAT good yet). However, in every instance that they give an address to 2 or 3 specific friends of theirs, within a week their inbox is full of crap. These particular friends are notorious for mass Fwd:'s.
I've concluded that somehow one of these idiotic spammers has either written an address gathering virus, or is somehow picking up on mass recipient lists. Anyone else see this sort of pattern?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Does anyone have a sendmail configuration to reject Klez?
--
http://www.aikiweb.com - AikiWeb Aikido Information
I suppose that next you'll tell me that boxen isn't right, either.
Comment removed based on user account deletion
All these trojans use stupid Outlook auto-execute tricks/bugs/features to propagate. Executables shouldn't be sent as a direct attachment anyway. Either wrap it up in a zip file (the recipient has no excuse when he infects himself)
Now all we need is a M$ automatically to decompress zips and run the script
I have a friend named "Annie" who got an e-mail from an old friend "Johnathan Archer" which was actually sent by my friend "Tiffany"'s Klez-infected computer. Annie and Tiffany are from different towns, and Johnathan doesn't live near either of them. It's just a random example of the six-degrees rule of thumb. Neat, huh? We checked, it really is the same guy.
Austin is more fun than Dallas.
> Similarly, except free as in {beer,speech}, try Balsa [gnome.org].
Oops. Now that I've re-read the grandparent post, I see that it was using the "top" command rather than just looking at the basic message info. AFAIK, Balsa does not support "top". It does save a lot of headaches, though.
Sheesh, evil *and* a jerk. -- Jade
Do people just like the way two i's in a row look? Even if we were going to use a latin-like plural for this (which we don't), it would be viri, not virii.
The reason words like "radius" are pluralized "radii" (with two i's) is that there's already one "i" before the "us":
radi-us
radi-i
If we were to use the same pluralization scheme with "virus", it would be:
vir-us
vir-i
One "i".
Many ATMs and cash registers run OS/2, but you don't hear about it because there is no problem.
The PC and embedded markets are very, very different things.
Just because a piece of software is ubiquitous on an ATM, doesn't mean
it's not obscure in the PeeCee world.
The reason OS/2 doesn't get viruses is because no one writes them
for it - it's not worth it because hardly any good targets (desktop
computer users) exist. The spyware situation on linux is similar:
people crow about how linux apps don't have any spyware, but that's
not because of some inherent technological superiority, it's simply
because no one has written any. (Hell, barely anyone has written commercial
apps for linux at this point, let alone commercial apps with sleazeware.)
Just because you don't see it in the news does not mean that it is obscure.
According to webster.com it does:
3 : relatively unknown: as a : REMOTE, SECLUDED b : not prominent or famous
:wq
One ring to rule them all. The (_O_) in Goatse.cx
Oh, well, then if IT departments working to clean up the mess left by viruses can be counted as a dollar cost, I'd like to see a comparative study done of the dollar cost due to unprovoked Windows crashes.
It is also probably worth pointing out that these viruses wouldn't be nearly as plentiful had it not been for the 25-years-and-counting history of bloody-minded engineering incompetence freely practiced up in Redmond.
Schwab
Editor, A1-AAA AmeriCaptions
I got sick of all the spam, all the chain letters and all of the viruses. So I decided to run my own small mail server. I changed my email address and only gave it to people that would not open foolish attachments, and would not forward crap on to me.
:-)
Running linux the viruses aren't a problem, but downloading and then wading through hundreds of emails sucked.
I then use procmail along with SpamAssassin. Now when I check my email there is usually one or two messages, and they are relevant.
Even the mailing lists I'm subscribed to get put in a separate folder.
I can't complain at all anymore.
What about those less than brilliant friends that are still affected? Well I leave icq and aim running so they can just leave me a message that way.
Hey if my mother can avoid getting infected with these stupid viruses so can you!
I keep hearing about these "email viruses", how do I enable support for that in Evolution? Or do I have to wait for the next version? I hate missing out on all the cool features.
sic transit gloria mundi
Maybe I should just tweak Klez a bit so it removes me from anyone's address book. Yeah, that's it! Anyone one else wanna add their addr to the cleaning list?
I am the network administrator for the Absentee Shawnee Tribe of Oklahoma, recently we were assaulted by no less than 5 variants of the klez worm. Klez.C,E,F,G, and H... WATCH OUT FOR Klez.H!!! It is stinking creepy smart! Not only does it play the normal irritating klez crack games with your email system, it also knows how to delete your antivirus software (I've observed it doing this to Norton, McAfee, and InoculateIT), but worst of all, given time it actually knows how to write into motherboard and video card bios space on reboot with win9x! (it does this even if the stupid "boot virus protection" is enabled in the bios and bios flashability is TURNED OFF!) This is NOT a joke or a prank, this thing is freaking dangerous. I've already sent emails to Computer Associates, Norton, and McAfee... be careful people, be bloody careful
-----------------------------------------
Remove the Greed which plagues mankind.
It's not a potent virus, it's an EMAIL VIRUS!! The reason it gutted your shop is because YOU CHOOSE TO USE MICROSOFT OUTLOOK AND YOU DIDN'T KEEP IT UP TO DATE.
It's fools like you that are the cause of this entire mess. "Duh - I left the door open and the security system turned off last night and - duh - someone came and took all our stuff. He must have been a really potent thief - duh-hu-hu-drool."
If one of you morons could manage to activate a single brain cell amongst your collective you might realize that - GASP - the reason you are in the situation you are in is that you are all complete dimwits.
I have no sympathy for idiots like you. If I had my way you would all be dragged outside and shot like dogs in the street.
Take five cents and go buy a clue you fucking idiot.
Norton (Symantec) has released a tool that cleans up the infected files. Works pretty well too: I just fixed a friend's computer with it. Her machine was messed to the point that it would barely boot, and I got it running fully in a matter of minutes with it. Grab it from http://www.symantec.com
An easy mistake, like you misspelling "misspell."
blog & fiction: jd87
Especially nice on Linux!
The spellchecker is not integrated yet, but it will be added right after the 1.0 release.
The US/UK/"Insert your country here" postal service is inherently insecure as it allows you to spoof your return address. Let's blame all the problems on them. What good did they do for us in the past few centuries anyway??
:. Ultimate Control Dedicated/VM Servers
Bill Gates' SSN: 539-60-5125
:)
I found your sig a little hard to believe, so I did some google research (and it's true!).
You ought to add this link to your sig to add some legitimacy to it.
Gotta wonder why sec.gov took down Bill's ssn, but left Paul Allen's (536-58-3118) online?
Oh well, no matter, archive.org is my friend
2) Use IMAP. Delete what you don't want
-- angry ac at work (angry at the 0.01 SNR of my mail now-a-days)
in main.cf:
body_checks = regexp:/etc/postfix/body_checks
in body_checks:
/^begin(-base64)? [0-9]+.*(\.|=2E)exe(\?=)?(\.)?/ REJECT
/^[^]*(body|filename|name=).*(\.|=2E)exe(\?=)?(\.)?/ REJECT
You have to do the same two lines for bat, pif and scr (put them where the above two lines say exe) I could not paste them all due to the lameness filter telling me to use less junk characters.
What were the skies like when you were young?
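The two `exe` patterns from this post, expanded to the four extensions the poster names and run over constructed body lines; this is an added Python example, not the poster's configuration. The second pattern's bracket expression is incomplete on the page, so `[^>]*` is assumed in its place, and `build_rules`, `first_match`, `rejected_lines` and `SAMPLE_BODY` are names made up for the example.

```python
import re

# Extensions named in the post: exe in the pasted lines, plus bat, pif and scr.
EXTENSIONS = ("exe", "bat", "pif", "scr")


def build_rules(extensions=EXTENSIONS):
    """Return compiled patterns, two per extension, shaped like the post's lines."""
    rules = []
    for ext in extensions:
        for template in (
            # uuencoded attachment header, e.g. "begin 644 name.exe"
            r"^begin(-base64)? [0-9]+.*(\.|=2E)%s(\?=)?(\.)?",
            # MIME name=/filename= line. ASSUMPTION: the page shows an incomplete
            # bracket expression ("[^]*"); "[^>]*" is substituted so it compiles.
            r"^[^>]*(body|filename|name=).*(\.|=2E)%s(\?=)?(\.)?",
        ):
            # Postfix regexp: tables match case-insensitively by default.
            rules.append(re.compile(template % ext, re.IGNORECASE))
    return rules


def first_match(line, rules):
    """Return the pattern text of the first rule that matches, or None."""
    for rule in rules:
        if rule.search(line):
            return rule.pattern
    return None


def rejected_lines(body, rules):
    """body_checks sees one line at a time; list the line numbers it would reject."""
    return [n for n, line in enumerate(body.splitlines(), 1) if first_match(line, rules)]


# Constructed sample body lines, not taken from a real message.
# Line 5 is ordinary prose: the unanchored "body" alternative matches inside
# "anybody" and ".exe" follows later on the line, so the message is rejected.
SAMPLE_BODY = """\
begin 644 setup.exe
Content-Type: application/octet-stream; name="photo.scr"
Content-Disposition: attachment; filename="=?iso-8859-1?Q?readme=2Epif?="
Content-Disposition: attachment; filename="report.pdf"
Does anybody know where notepad.exe lives on Windows 98?
The attachment is a plain text file.
"""

if __name__ == "__main__":
    for number in rejected_lines(SAMPLE_BODY, build_rules()):
        print("REJECT line", number)
```

In current Postfix releases the headers of MIME parts are matched by mime_header_checks rather than body_checks, so the `name=` rule belongs in that table.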
Hey there Rip Van Winkle, you must have been asleep when Napster *WAS* held responsible for the theft of music. That established the precedent. Napster *did* facilitate music theft.
Microsloth's junkware *does* facilitate virus writing and propagation, therefore the same punishment should be laid upon them for their misdeeds.
Also bear in mind that MS facilitated Napster too.
So much for HotMail's server-side scanning (it uses McAfee AFAIK). I've seen it block attachments with viruses before, but I guess it's not 100% effective (after all, it is a MS product!).
"It's better to keep your mouth shut and be thought a fool than to open it and remove all doubt."
it DOES do physical harm : when you work for say, 8 hours... fixing & cleaning a box from a nasty virus, you have lost 8 hours of your life. your dna has lost some length in some places, and you have likely inhaled carcinogens released from some fume from the computer, and there's definitely something not healthy(killing your cells) about the monitor...
while the physical damage, with one person, may not be large or even noticeable, added over thousands of working-hours over dozens of people...perhaps the idea that of those people one of their lives has just been wasted, all for a bug...even if each of them just lost a few hairs from stress : the mass is gone.
this is the concern here...i don't want to waste some poor collective bastard's life because of microsoft deciding that .exe's make files ugly :P
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
From the article :
====
Montez now understands the e-mails came from Klez-subscribed news lists. But he said that since his free e-mail account only stores a certain amount of messages, he's lost access to the account twice this week. He believes he's also lost a significant amount of business-related e-mails.
====
Why is it that people continue to rely on free email services for business-related matters? Then, when something goes wrong, they moan and whinge and wonder why no-one has any sympathy.
Sheesh. You get what you pay for.
I finally managed to escape the hell that is a Microsoft Outlook-only office environment ("Eudora? But it doesn't have that calendar thing...!") by quitting. Between the vulnerable software and the uneducatable(?) users, it just wasn't worth the effort.
Then one day I received the following call from the new IT manager:
Me: "Hello?"
Him: "Hey, it's W****n, can you come in here today? Our server is doing weird shit and everybody has that new virus thing."
Me: "Well, so, fix it!"
Him: "I can't figure out the server config, and you have the antivirus software!"
Me: "Christ, I took you through the server setup for almost a month! I printed out the specs and shit! They're in a folder on top of the f**king thing! And what happened to the NAV Corp Ed subscription?"
Him: "Uh, I can't find it. We thought you must have...taken...it...hello, what's this? Hey, it's from my ex-wife! I wonder what she's sent me..."
Then he opened it.
True story.
I run OS X, Win98Se, FreeBSD & Solaris 8.
I don't use Outlook or Outlook Express.
All the machines are configured to receive mail.
I haven't seen one Klez yet.
I think I might be a total loser. How on Earth is it possible that I haven't ended up on a least one stupid person's email address list? How can it be?
Have I no friends?
I am so ashamed....
This
################ Klev Check ##################
:0
* ^Content-Type: multipart/alternative
* B ?? ^Content-Type: application/octet-stream
* ! B ?? ^Content-Type: text/plain
virus
I have written instructions on setting up Postfix to work with Sophos Mailmonitor. I like this solution because the API between MailMonitor and Postfix is pure, regular SMTP, not some vendor unsupported addon. I can telnet to the port the Mailmonitor SMTP server runs on and troubleshoot, knowing that any errors in this part of the operation are the responsibility of Sophos, or alternatively that if the SMTP server on this port is fine, my postfix config is at fault.
and I got a new computer. Boss was fed up with the outdated anti-viri software and just decided it was best to start over. Thanks Klez!!!!
These save me from the worst of sircam and klez
:0
* H ?? (X-MIMEOLE: Produced By Microsoft Mimeole|Outlook_Express_message_boundary)
* B ?? ^Hi! How are you=3F
* B ?? ^See you later=2E Thanks
/dev/null
:0
* H ?? (X-MIMEOLE: Produced By Microsoft Mimeole|Outlook_Express_message_boundary)
* B ?? ^Hi! How are you\?
* B ?? ^See you later\. Thanks
/dev/null
:0
* Subject:.+Melt the Heart of your Valentine with this beautiful Screen saver
/dev/null
:0
* Subject: A +(special|very)? +(excite|humour|special|new|funny|powerful|powful|good|IE 6\.0|nice) (game|website|tool|patch)
* > 50000
/dev/null
:0
* From: postmaster
* Subject: Returned mail--".+"
* > 50000
/dev/null
:0
* Subject:.*(klez|elkern).*(removal|immunity)
* > 50000
/dev/null
:0
* H ?? ^X-MIMEOLE: Produced By Microsoft Mimeole
* B ?? ^Hola como estas =3F
* B ?? ^Nos vemos pronto=2C gracias=2E
/dev/null
:0
* H ?? ^Content-Type: multipart/
* B ?? ^
* B ?? ^BODY
* B ?? ^Content-Type: audio/
/dev/null
Tobi
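How the conditions in these recipes, and in the earlier "Klev Check" recipe, combine, shown with an added Python example that is not from either poster: a small evaluator for the procmail constructs used in this thread (`H ??`, `B ??`, `!`, `> N`), run against constructed messages. It assumes the recipe patterns are also valid Python regular expressions, which holds for the three recipes embedded here; all function and sample names are made up for the example.

```python
import re

# Three recipes copied from the posts above (ones whose conditions are intact).
RECIPES = r'''
:0
* ^Content-Type: multipart/alternative
* B ?? ^Content-Type: application/octet-stream
* ! B ?? ^Content-Type: text/plain
virus
:0
* H ?? (X-MIMEOLE: Produced By Microsoft Mimeole|Outlook_Express_message_boundary)
* B ?? ^Hi! How are you=3F
* B ?? ^See you later=2E Thanks
/dev/null
:0
* From: postmaster
* Subject: Returned mail--".+"
* > 50000
/dev/null
'''

COND = re.compile(r"^(?P<neg>!\s*)?(?:(?P<area>[HB]+)\s*\?\?\s*)?(?P<rest>.+)$")
SIZE = re.compile(r"^(?P<op>[<>])\s*(?P<n>\d+)$")

def parse_recipes(text):
    """Parse simple ':0' recipes: '*' condition lines, then a one-line action."""
    recipes, conds = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":0"):
            conds = []
        elif line.startswith("*") and conds is not None:
            m = COND.match(line[1:].strip())
            size = SIZE.match(m.group("rest"))
            conds.append({
                "negate": bool(m.group("neg")),
                "area": m.group("area") or "H",  # the header is searched by default
                "size": (size.group("op"), int(size.group("n"))) if size else None,
                # procmail matches case-insensitively; ^ anchors at each line start
                "rx": None if size else re.compile(m.group("rest"), re.I | re.M),
            })
        elif conds is not None:
            recipes.append((conds, line))  # the action line closes the recipe
            conds = None
    return recipes

def holds(cond, head, body):
    """Evaluate one condition against the header and body of a message."""
    if cond["size"]:
        op, limit = cond["size"]
        length = len((head + "\n\n" + body).encode())
        result = length > limit if op == ">" else length < limit
    else:
        text = "\n".join(part for flag, part in (("H", head), ("B", body))
                         if flag in cond["area"])
        result = cond["rx"].search(text) is not None
    return result != cond["negate"]

def deliver(message, recipes, default="inbox"):
    """All conditions of a recipe must hold; the first such recipe wins."""
    head, _, body = message.partition("\n\n")
    for conds, action in recipes:
        if all(holds(c, head, body) for c in conds):
            return action
    return default

def sample(headers, body):
    """Build a constructed test message from header lines and a body string."""
    return "\n".join(headers) + "\n\n" + body

ALT = 'Content-Type: multipart/alternative; boundary="B1"'
BIN = "--B1\nContent-Type: application/octet-stream\n\nAAAA\n--B1--\n"
NO_PLAIN_PART = sample([ALT], "--B1\nContent-Type: text/html\n\n<p>hi</p>\n" + BIN)
WITH_PLAIN_PART = sample([ALT], "--B1\nContent-Type: text/plain\n\nhi\n" + BIN)
NEWSLETTER = sample([ALT], "--B1\nContent-Type: text/plain\n\nhi\n"
                           "--B1\nContent-Type: text/html\n\n<p>hi</p>\n--B1--\n")
GREETING = sample(["X-MIMEOLE: Produced By Microsoft MimeOLE V5.50"],
                  "Hi! How are you=3F\n(constructed filler)\nSee you later=2E Thanks\n")
BOUNCE = ["From: postmaster@example.com", 'Subject: Returned mail--"constructed"']
BIG_BOUNCE = sample(BOUNCE, "x" * 60000)
SMALL_BOUNCE = sample(BOUNCE, "x" * 600)

if __name__ == "__main__":
    rules = parse_recipes(RECIPES)
    for name in ("NO_PLAIN_PART", "WITH_PLAIN_PART", "NEWSLETTER",
                 "GREETING", "BIG_BOUNCE", "SMALL_BOUNCE"):
        print(name, "->", deliver(globals()[name], rules))
```

The `WITH_PLAIN_PART` and `SMALL_BOUNCE` samples show the limits of each heuristic: one text/plain part or a message under the size threshold is enough for the recipe not to fire.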
1 show extensions of every file type
open my computer, View Menu , options , view tab tick
2 Set Outlook express to restricted sites zone
tools options security
3 install html-procmailtrap on your email gateway
http://www.impsec.org/email-tools/procmail-security.html
easy !
those first 2 should be the DEFAULT from microsoft if they are interested in security !
Type unto others as you would have them type unto you.
Despite its superiority for most applications (including spamfighting), IMAP is still losing to POP and will continue to do so for some time. Why? Because ISPs (and other mailbox providers) don't like providing diskspace for their users' mailboxes. A huge mailspool is bad enough, but the default behavior of most POP clients is to move a user's incoming messages from her inbox to her PC -- removing the burden from the provider.
It's a perfect case of service-provider myopia, too: if the technology were better applied, IMAP clients might be able to delete viral attachments (or IMAP servers might strip them out) before they're even downloaded, cutting down on virus retransmission, and eventually reducing the overall storage requirement of those users.
As with everything else, the best solutions to the spam problem will only be available to those savvy few (hey, that's you!). Unfortunately, just like with a communicable disease, you can't just cure a few people -- you have to cure the whole population.
Honestly if someone ELSE has a virus and is sending out your email address what is MS going to do over the phone with you that is going to stop it??
MS tech support did not write OE, the OE patch for this has been out over a year and making sure YOU don't get and send the virus is about the only thing they can do for you.
Don't want a virus? use kmail (*nix) or pocomail (win*).
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
... makes me glad that me and everyone else in my area run secure (read: not quite as brain-dead) mail clients.
Friends don't let friends run Outlook/IE
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Of course the best way to stop this trash, especially if you are on a modem, is to only grab the headers and delete the stuff you obviously don't want.
Mailwasher is the best I've found for doing this. Not only will it delete from the server, but if it's a notorious spammer then you can tick the bounce box and it will reply with a user unknown error, hopefully meaning you'll never be hassled by those morons ever again.
Pretty effective, and made my life a whole lot easier. And best of all, from their page... "It's free. That's right, you can keep on using this program and it won't expire. You are offered the chance to register MailWasher and pay a price you think it is worth. Think of this payment as a tip - so please contribute something."
Enjoy peoples, and go easy on their server (if I had a decent connection myself, I'd post a mirror, but alas)
Glenn
The Smrt way to trade CFDs on the ASX
Yeah, one of the mailservers my mail goes through recently had MimeDefang installed on it, and I love it. There's nothing I like better than receiving strange messages that say "This email has been cleaned by MimeDefang", etc. I love the service, and I'm glad my ISP decided to use it. It saves me a lot of hassle and worry when it comes to email viruses, and it hasn't bothered my normal e-mail and attachment traffic at all.
using namespace slashdot;
troll::post();
Sure they fixed everything after their viruses reached the tv news.
But seriously if you are the largest software company in the world you should have known that having your email client automatically execute anything it receives is not a good idea.
Oh, really? That's a mighty interesting way of looking at it.
Let's go look at what the American Atheists say about it:
You Have Another Freedom
Dear friend...
We often hear that Americans have "freedom of religion." You have another freedom, though -- freedom from religion, and from paying heavy taxes so religious organizations and churchgoers in the United States can benefit from your tax payment!
Atheism is, according to them, "freedom from religion". Sounds like you're off-base, sir.
Cheers,
An AC in Europe
I'll bet that anyone who's a spammer is harvesting all these *genuine* e-mail addresses that are floating around on the net because of this virus.
I'd add the link, but I think it breaks slashdot's lame, arbitrary 255-character .Sig limit.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Secondly, M$ should be bearing the brunt of this. Klez is once-again using the outlook misfeature that if you click on a message to see who it's from, Outlook opens it and violates your ass without lube.
Yay.
Anyway, this doesn't impact me, aside from the occasional mailing list I shutdown. It's amusing to watch the entire winderz world fall off the net. Again. And again.
Perhaps if some of these dipshits would hit M$ with a class-action suit for gross negligence there'd be changes. As far as I'm concerned, there ARE NO OUTLOOK VIRUSES. They're simply using the system exactly as designed.
--Dan
Telnet will clear text your user and passwords across to the server. You better trust your network. A lot.
Why the fuck don't ISPs block infected (pop3 and smtp) email? How simple is that to do!
It won't stop all of it, but it'll stop Mom and Pop and the kiddies.
Yeah, yeah, $. I'd pay an extra $5/mnth to halve the junk in my inbox.
I finally printed my address book out on paper. I put the address on it as a barcode. Now I e-mail people and put in addresses in via the free scanner provided by Radio Shack. Now if everyone would delete their electronic address books, much of the MS spread security problems would go away.
Not many people would drop the convenience so I don't see this as working. Too many users just can't be bothered to keep up on security and are way too willing to run an attachment sent to them that is supposed to keep them from getting a virus. It's OK to send me a virus warning. Don't send me an attachment to fix it. I'll check the usual trusted sources for the description and measures to fix it. Too many viruses are spread via social engineering.
The truth shall set you free!
I just spent the last two days fighting this virus in a 125 seat company. Although in the end only a half dozen boxes were infected, the impression end users got was that the virus was on everybody's computer.
It was easy to find the infected computers once I realized that the "REPLY-TO" address in the header reflected the actual sender.
Am I doing everything? Am I being as good a netizen as I can be? Or is there something else I haven't been doing I should?
I ask, because I too have been receiving messages from people I don't know accusing me of adding them to mailing lists or spamming. I get enough spam as it is, and I certainly don't want to get any more -- but now my email address is sent around by those I may have emailed with -- as the from!
So do I just kick back and not think about it, or am I missing something I should be doing as a user and system admin?
No, the plural of virus is Microsoft.
Oh my God...the dead have risen and they're posting to Slashdot!
deus does not exist but if he does
that's the only reason for this crap?
I believe in the MS/Norton/McAffee Conspiracy to sell software.
You should have a scanner on your mail server. I've got mcafee groupshield on my exchange boxen. I just love opening my email every morning to see how many emails were nuked the previous day.
import kenyan.geek.* ;
I'm a sysadmin at an ISP, and we have been filtering Klez inbound and outbound for 13 days, and the load basically hasn't tapered off at all. Since we started the Klez filter (thank you, Exim!) the number of bounces in our postmaster box doubled and shows no real signs of slowing up.
That is a lot of bounces because we also filter on SirCam (still see some of those everyday), use several RBLs, and have extensive local spam filters and reject lists, as well as optional spam filters for Korean-encoded and Chinese-encoded mail (just rolled them out and over 800 customers have started using them already).
The cost of this is a lot of wasted bandwidth consumed by spam, worms, and viruses, in hardware (we run 4 MXes where two would otherwise suffice, because of the filtering load), and the countless hours we spend each week on defending our mail system and our customers from all this crap.
Besides the usual suspects (MS for their security holes, users for their laxness on applying updates, and the virus writers themselves), I also have to blame a lot of administrators for this. Mail admins, listen up! You KNOW Klez is out there and you KNOW it's going through your systems. You probably have a ton of captive specimens of it. Start filtering it inbound and outbound. You're not only helping other admins to control this problem, you're helping yourself.
And let's all be thankful that virus writers and spamware writers come from two camps that aren't likely to like each other, because if they got together and wrote a worm that silently propagated itself and turned Windows boxes into selectively open relays for use by the spammer/authors, that would be a real problem. The scary part is that it wouldn't be all that hard. The worms already have their own SMTP engines these days. The leap is small. Let's hope they don't make it, but let's think about how we're going to control it when they do.
Line of defense number 1: ISPs - if you don't already block port 25 in/out from your dial pools (requiring your dial users to smarthost through your outbound SMTP or send through it directly), start NOW. The ass you save will be your own. If we all do this (my employer has done this for years) we will cut off spam.
Well i question numbers like that, let's look at a recent case i had.
I did something stupid. i left my home machine with an unpatched IIS server exposed to the internet. i was careless, and nimda bit me. it traveled through non password protected shares, and also infected 2 other machines.
Clean up and repair took 4 hours to make sure it was gone. if this was me doing this for a client, that would be 85$/h * 4h that's a 340$ expenditure to clean up. if it's an email virus, and a few people get infected, a few different times the cost adds up quickly
Damn good point there - MS has been criminally negligent, and they've hidden behind the lack of liability clauses they put in their EULAs for too long. It's the same with other software companies, but MS's screwups are writ extra large because of their dominance.
Someone needs to take MS to court charged with negligence, and put an end to their arrogant assumption that they can do whatever the fuck they please, because they say they can.
himi
My very own DeCSS mirror.
And you don't remember any religious persecution going on during World War II? None? I dare say, without his anti-Semitic rhetoric, Hitler might never have come to power. And the Japanese believed in the divinity of their emperor, too--the word "kamikaze" means "divine wind."
At least part of the Arab-Israeli conflict is religious in nature. You just don't see a lot of atheist suicide bombers. A lot of "ethnic cleansing" is done along religious lines as well.
The expansion of European nations into the Americas was often justified under the aegis of "divine right."
That's not to mention the religious rhetoric that's used to get men to go to war. Ever hear the song "Onward Christian Soldiers?"
So the original poster might be a little bold about his statistics...but don't fool yourself into thinking religions have their hands clean, even today.
"Hardly used" will not fetch you a better price for your brain.
I wonder how many responses to Klez emails bounce back with an "address unknown" error?
Switching to another system (linux, for instance) will just change the set of bugs that virus writers attempt to exploit.
But it would make things a LOT better, for two reasons:
The existing set of Microsoft-only viruses (virtually all of 'em) would die off.
The other system (unix, linux, etc.) has, not just a different set of vulnerabilities, but a MUCH SMALLER set.
What is needed is variety. If there were more variety in the software and OSen people used, we could avoid such widescale abuses.
Unfortunately, that's not enough by itself. Yes a variety of systems makes it harder to write a virus to attack them all, so some will survive unscathed. But an infected computer can cause a lot of trouble even for other computers that AREN'T subject to the infection. (For instance: By flooding it with infection attempts or by ganging up with other infected machines to DOS-attack it.)
So it only takes ONE widely-deployed OS with a vulnerability to make trouble for the rest of the Net. Thus more variety means more pools of machines able to be converted into troublemakers.
The solution is a few, secure, operating systems.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
This is not a troll but... Maybe said IT departments should GET A FUCKING GRIP ON REALITY!
ALL you need to do is block .vbs, .exe, .scr, .com from entering your exchange (sendmail, postfix, whatever) and 100% of these problems disappear.
You missed "slahsdot"...
If you use Windows, you get what you deserve...
;)
The thing of it is, Outlook isn't the vulnerable software here... The vulnerability is in Internet Explorer. Any program that uses IE, therefore, has the vulnerability.
Outlook just happens to be the way most people EXPERIENCE the vulnerability. But even something like Quicken could trip over it.
This sort of crap is why I edit my Windows registry to treat things like .HTA and .HTX as "text" files (handing them over to UltraEdit), and an email program that does NOT use IE for displaying HTML and doesn't know how to script (The Bat! from ritlabs.com)...
I don't get viruses (knock on wood) since I read in pine but I got something from the National Funeral Association and weird content that didn't look like an obvious virus at first. I guess I was the first of many to ask their sysadmin what was up..
Ha!
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
I hate the idea, but maybe the time has come when to run a mail-server, you must, by law, run virus scanning software.
Simple rule: No Outlook, no Virii
Woopty Doo Basil, what does it all mean?!
Great cross-platform file sharing systems exist for file sharing. Netware, DCE and OpenAFS are examples. These can easily handle any internal file sharing need, and some external needs. For sharing files outside, many easy solutions or work arounds can be made that don't require attachments. Some people even say that MS-Exchange could do this.
Regardless of how it is set up, once you have platform independent file sharing in place, all attachments can be filtered out. Then there's no doubt -- your shop could not be spreading Klez or other pathogens.
Note that keeping files on the server also simplifies concurrent editing and version control.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
The only way we could have been invulnerable to this sort of mishap is by using linux;
/novell might be setup in a way executables don't get modified. (Until an admin gets infected)
...if you did not get it yet 8-)
Because:
-There are very few linux enabled viruses.
-Wine does not support enough win32 to let most viruses work. (and wine still must be run as root)
-ACL's could have controlled the spreading of the viri.
not:
-Any platform can get infected. No platform is protected against users executing anything they get sent. If linux gets popular it will get viruses AND anti virus software.
-Linux might execute some win32 code.
-NT
AND
-The best way to protect against viruses is to reinstall your machine from scratch every now and then. (Real programmers don't need viruses to format their hard disk.)
AND
-The best way to protect against a DOS attack is shut down your system. Ask the pointy haired manager about this.
(did i just get trolled?)
Heres some cheese for that whine.
stfu and deal with it.
Just run your dam AV scanner.(windows)
Or Set up filtering.(*nix)
Unless you're on 14.4 I really can't see the big deal about downloading anyway.
What, you're paying by the minute? Those days have been gone for a while now.
I can not believe this story even made it here.
What you editors can not find anything more newsworthy?
They make me feel wanted. Never before have I had so many people send me files in order to have my advice.
Peter
Here's the current one:
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
Use Calypso instead. Great program. But at least don't use Outlook.
and yours of "your"
The problem with this supposed fix is that I'm sure a lot of users already have a pavlovian response to always clicking "yes" on those confirmation dialog boxes. I know I do, whenever I have the misfortune to be on a windows machine. I mean, almost every significant action seems to have an annoyingly condescending confirmation dialog box. Which is why you'll often hear me talking back to the computer whenever I have to use windows. Something along the lines of:
Anyway, you get the idea.
Also, I'm sure the confirmation dialog boxes are just to back-up M$'s long-standing PR spin policy whenever a new virus comes out: "We can't be held responsible for everything the user clicks on! Hey, our software even warns them before it opens the attachment!".
qmail + qmail-scanner + H+BEDV AntiVir (free for nonprofits) = no klez (or sircam, etc)
that's my solution
I didn't say it had anything to do with science per se. What I *am* saying is that wars are not a monopoly of religious zealots -- actually quite the opposite. Atheists have been responsible for some of the most heinous crimes in history -- the Holocaust, the Soviet pogroms and the Gulag, among other things.
In the case of the Nazis, they abused science and claimed that it justified their aims of exterminating the Jews, Gypsies and other supposedly subhuman groups, while creating a master race. But to say "science" as a concept is responsible for war is just as ridiculous as saying religion is the cause of war. In the end, both can be misused as an excuse to slaughter people. The *real* cause of war is most often competition for limited resources and a lack or failure of negotiation and diplomacy.
Of course, you can argue that religious zealots have caused great suffering -- 9-11, the Mideast crisis, near-wars between India and Pakistan, the Thirty Years War, the Crusades and so on. But that is not the fault of religion itself, or of religious belief -- in somewhat the same way that it is not the gun's fault that someone used it to kill.
Your beginning premise of science versus religion is also off-base, in my opinion. The two are often portrayed as being in conflict, when there really is none. Religion is a system of belief centered on a deity or group of deities. Science is a method of gathering information and proving theories. Sometimes there is overlap, and sometimes people try to force a conflict when that overlap occurs. But again, that is the fault of people trying to gain influence and authority, not the fault of religion or science.
Who is at fault when a war breaks out? It is, quite simply, the fault of people unwilling to share resources fairly and live peacefully with those who are different from us. Look at any war in history, and you will see that while the slogans and propaganda of each side use certain words and ideas as justification, it always boils down to two or more groups of people fighting to gain power and control at the expense of another group. Everything beyond that just masks the real issue -- who gets the largest share of influence, money, political control or whatever. Religion and science end up merely being useful tools to prosecute the war.
Many words, but I hope you see my point.
Cheers,
An AC in Europe
For years the entire IT community has been saying that the problem is that users don't know any better. "Those damn users keep on opening up their Outlook attachments." This is simply not true.
The problem is Admins who don't block .exe, .com, .bat, etc. AT THE EXCHANGE LEVEL.
There is absolutely no reason any user needs to receive these types of files. Anyone who would be dealing with these types of files would have the foresight to tell the sender to clip the extension and simply add it back later.
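Blocking by extension at the gateway, as this post and the earlier "block .vbs, .exe, .scr, .com" post recommend, sketched as an added Python example that is not from either poster: it parses the MIME structure, decodes each attachment name and checks only the final extension. The blocklist combines extensions named in the thread; `blocked_attachments`, `make_message` and the sample part headers are constructed for illustration.

```python
import email
import os
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Extensions named across the thread's "block it at the gateway" posts.
BLOCKED = {".vbs", ".exe", ".scr", ".com", ".bat", ".pif"}


def decoded_filename(part):
    """Attachment name with RFC 2231 and RFC 2047 encodings undone, or None."""
    raw = part.get_filename()  # falls back to the Content-Type name= parameter
    if not raw:
        return None
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError):
        return raw  # undecodable: judge the literal text instead


def final_extension(name):
    """Lower-cased last extension, ignoring trailing dots and spaces."""
    return os.path.splitext(name.strip().rstrip(". ").lower())[1]


def blocked_attachments(raw_message, blocked=BLOCKED):
    """Return (decoded name, extension) for every part the policy would refuse."""
    hits = []
    for part in email.message_from_string(raw_message).walk():
        if part.is_multipart():
            continue
        name = decoded_filename(part)
        if name and final_extension(name) in blocked:
            hits.append((name, final_extension(name)))
    return hits


def make_message(attachment_headers):
    """Constructed sample: a text part plus one attachment with the given headers."""
    return (
        "From: sender@example.com\n"
        "To: rcpt@example.com\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="XX"\n'
        "\n"
        "--XX\n"
        "Content-Type: text/plain\n"
        "\n"
        "Does anybody know where notepad.exe lives?\n"  # prose, not an attachment
        "--XX\n"
        + attachment_headers +
        "Content-Transfer-Encoding: base64\n"
        "\n"
        "AAAA\n"
        "--XX--\n"
    )


# Constructed part headers covering a harmless file, an encoded name and a
# name that appears only on Content-Type with a trailing dot.
PDF = ('Content-Type: application/pdf\n'
       'Content-Disposition: attachment; filename="report.pdf"\n')
ENCODED = ('Content-Type: application/octet-stream\n'
           'Content-Disposition: attachment; '
           'filename="=?iso-8859-1?Q?holiday=2Ejpg=2Escr?="\n')
TRAILING_DOT = 'Content-Type: application/octet-stream; name="SETUP.EXE."\n'

if __name__ == "__main__":
    for label, headers in (("pdf", PDF), ("encoded", ENCODED), ("dot", TRAILING_DOT)):
        print(label, blocked_attachments(make_message(headers)))
```

Because only attachment names are examined, the sentence mentioning `notepad.exe` in the text part does not cause a rejection.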
Positive PR from security updates is probably not it. The plan is surely far more insidious, perhaps as described in Cringely's article from last year: The Death of TCP/IP
It's an old game called Provocation, perfected by dirty-tricks gang who now control your planet. Have a nice day.
no sig, no plan, no clue
.. has a feature that allows you to preview headers and delete selectively.
I use this as my email client, its pretty decent, and its free (as in beer).
Isabella @ home, Bad Kitty, there are many more; adult sites that do not spam, that cater to the preferences of their clientele in entirely legal and moral (if you're not a screamingly amoral bigot or fanatic religious zealot yourself) manner.
It's true that among the lunatic fringe of religions (and particularly among mainstream christian sects for some reason) anything associated with sex is disreputable. And even in the most tolerant of religious quarters (Unitarian Universalists being a notable exception) anything even vaguely associated with homosexuality is usually considered tainted with sin, despite the prevalence of homosexuality among many mammal species presumably created in accordance with divine will.
But! To be considered disreputable by people with basically insane and hurtful beliefs (yes I am talking to you Southern Baptists, among others) is a good way to get a fair evaluation from those who think clearly and independently.
--Rev. Cheswollen