Slashdot Mirror


Klez, The Virus that Keeps on Giving

kylus writes "Wired is running a story about the continued escapades of the Klez virus, and the damage--both to finances and reputations--that it is leaving behind. Between emails from a dead friend and porno spam appearing to be sent from a priest, I think "Don't Believe the 'From' Line" is the correct lesson." God bless microsoft email viruses. I'm on a modem for a few weeks and downloading countless megs of mail viruses is extremely frustrating. 'Course I'm still getting sircams.

30 of 683 comments

  1. Scripts by Anonymous Coward · · Score: 3, Insightful

    Hrm, I can't think of any practical uses of scripting in emails anyway. Can anyone help me out?

    1. Re:Scripts by grahamsz · · Score: 4, Insightful

      So targeted marketing campaigns can track which users look at what and for how long.

    2. Re:Scripts by phyxeld · · Score: 3, Insightful

      Hrm, I can't think of any practical uses of scripting in emails anyway. Can anyone help me out?

      Microsoft hasn't gotten rid of scripting in Outlook because it's required for nasty email viruses like Klez to spread, which in turn allows microsoft to step in and "save the day", which leads to news headlines like "Microsoft releases latest Outlook security patch", "Microsoft patch to block "Love"-like viruses", and, my favorite, "Microsoft to secure e-mail".

      To the average schmoe who doesn't realize these viruses are only possible because of microsoft's stupidity, it would appear that microsoft is valiantly fighting the inevitable battle against nasty virus-writing hackers.

      </conspiracy theory>

      Or maybe they're really just so stupid that they think scripting in emails is such a great feature it's worth putting up with all this bullshit. If you ask me, HTML email isn't even needed. Plain ol' text usually works fine for me; most of the HTML emails I get are spam and the few that aren't usually have a text/plain version as well.

      Notice that the last article I linked to sounds like a pretty solid fix: Users will be supposedly prompted before any emailed scripts do anything, and given a yes/no dialog to stop them from doing anything bad. Seems like a good idea. Unfortunately, that article is dated June 2000, so clearly it didn't work out... Anyone know what the deal with that is?

      --
      __
      Choose mnemonic identifiers. If you can't remember what mnemonic means, you've got a problem. - Larry Wall
    3. Re:Scripts by sir99 · · Score: 2, Insightful

      Notice that the last article I linked to sounds like a pretty solid fix: Users will be supposedly prompted before any emailed scripts do anything, and given a yes/no dialog to stop them from doing anything bad.

      I'm not so sure about that. Some people I know blindly click "OK" on any dialog box that pops up without so much as glancing at it. That's also the reason Gator manages to get installed on computers.

      --
      The ocean parts and the meteors come down
      Laid out in amber, baby.
  2. Worse than porn spam from a priest... by brooks_talley · · Score: 4, Insightful

    Try operating a legit, non-spamming adult site that's worked hard for years to get a decent reputation, only to have klez emails that appear to come from your customer support email address.

    People are going to believe a priest when it's explained that it was a virus; nobody is going to believe a legit company that's operating in an industry where so much spam originates.

    Argh.
    -b

    1. Re:Worse than porn spam from a priest... by HiThere · · Score: 3, Insightful

      Why are you going to believe the priest was innocent?

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.

  3. The average user? by marekk · · Score: 5, Insightful

    From the Wired article:

    "Anytime you have a virus that is not easily identifiable visually, it tends to linger," Rod Fewster, Australian representative for antiviral application NOD32, said. "SirCam and Klez both vary the subject lines of the e-mails they send, which makes it hard for the average user to spot."

    Unfortunately, I'm sure the average user can't spot any e-mail viruses, let alone ones that change their subject line. While Outlook/Outlook Express greatly facilitates the spread of these viruses, a large part of the problem lies in the fact that too many people click on attachments and/or don't run proactive AntiVirus software on their system.

  4. Re:Using open relays to boot by trix_e · · Score: 4, Insightful

    Last thing is that I hate the Corporates assigning a value on a virus. 10 billion done by Melissa. OK. Show me the physical harm done to your computers.

    it's not the *physical* harm... it's the freaking man-years of time that is wasted. IT departments are strapped enough as it is, but then lump on top of that all of the time spent chasing crap like this down, and it *is* a strain on resources (bandwidth, server drive space, and the valuable attention it takes to diagnose and resolve a particular problem). The cost is real. Whether it's $10B or not, I have no idea, but it certainly isn't trivial.

    --
    No man is an island, but Gary is a city in Indiana.
  5. Re: Really, how common are these things? by ttyp0 · · Score: 5, Insightful

    Quite common. If you just sit and post on slashdot all day, then no, you probably aren't much of a target for virii. However, I run 3 large websites, am active on 10 mailing lists and send close to 50 emails a day. My email address is spread all over the Internet like a bad case of herpes. In return I get close to 30 - 40 infected emails a day. That was before I installed a virus scanner on my mail server.

  6. Re:Pornographic attachments from priests? by xZAQx · · Score: 5, Insightful

    Pretty funny.

    Keep in mind the hundreds of priests now being wrongfully prosecuted due to a stereotype that is spreading like wildfire. Bear in mind how it is ruining their lives.

    I love how on slashdot, insults and slander made about religion are modded as funny, yet if I were to say, "Porn from black people? What was it, pictures of fried chicken?" I'd be modded as a troll. It's all ignorance; it's all slander; it's all hatred. Stop modding self-righteous science-worshipping trolls like the parent up.

    Although, I'm sure that now I'll be modded as a troll. Whatever.

    Dare to think for yourself.

    --

    We dance to all the wrong songs.
    --Refused.
  7. Re:Mailing-lists by gwernol · · Score: 4, Insightful

    Thanks a lot to Microsoft for being responsible for the most annoying viruses so far.

    Isn't that a bit like holding Napster responsible for all theft of music that happens on its systems, or the manufacturers of CD-RW drives for all software piracy done on their machines? That's the argument used by the supporters of DMCA and other nasty bills that outlaw fair use.

    The scum-wad(s) who wrote the virus are responsible for its actions. Microsoft should do a better job of writing secure software, but the primary responsibility lies with the virus writer. Any responsibility borne by Microsoft is equalled by the responsibility borne by those users who don't apply security updates and don't run up-to-date firewall and virus checking software.

    --
    Sailing over the event horizon
  8. The real solution by pmz · · Score: 4, Insightful

    is for the World to begin the arduous and expensive task of removing Microsoft software from their computers.

    The first step is to eliminate Outlook for e-mail. There are other options, even Emacs, that really aren't too user unfriendly.

    The second step is to eliminate Office for shared documents. There are other options, perhaps Open Office, that will be less prone to viruses and will be more maintainable over time.

    The third step is to begin evaluating other operating systems besides Windows. This is harder, because it will be difficult to replace all the software that was useful in Windows. Over time, however, a fairly comprehensive list can be developed, and a plan can be made to make the switch to a non-Windows OS.

    The fourth step is to take the plunge and dump Windows entirely. This may be the hardest step, because this is where the most learning needs to take place. But it is just a matter of time before users adapt to the new environment.

    This is what I have been doing at home, and I know it isn't easy to make a full transition. However, I have found adequate replacements for nearly everything and am pretty satisfied with the results.

    This doesn't have to be an all-Free-all-the-time solution, either, because there really is a way to mix open and closed software to meet your needs. It just takes research, time, and patience to find that Microsoft really doesn't rule the world at all--they just want us to think they do.

  9. I'm impressed. by EvilNight · · Score: 5, Insightful

    The person who wrote this spent some time thinking of the way to do the most damage. This virus nails you to the wall the instant it infects someone who just has your email address. That was some vicious thinking. The problems caused by this virus actually extend into social engineering. Pure genius.

    Makes you wonder what else they'll come up with...

    Maybe someday we'll have security, and patch this sort of thing...

    --
    Hell is being intelligent in a world full of idiots.
  10. Another argument for CONFIRMING list subscribe by Seth+Finkelstein · · Score: 5, Insightful
    Quoth the article:

    People signing up for newsletters and mailing lists that they never subscribed to has been a major source of frustration for both users and the list owners.

    If Klez happens to send an e-mail "from" a user to an e-mail list's automatic subscribe address, the list software assumes the e-mail is a valid subscription request and begins sending mail to the user.

    This is another reason why all lists should confirm subscriptions. I'm seeing the Klez virus beating on my own mailing list, and I'm very glad I spent the time to get the software to do confirmations of subscriptions.

    Sig: What Happened To The Censorware Project (censorware.org)

  11. Re:Mailing-lists by shades66 · · Score: 2, Insightful

    >Microsoft should do a better job of writing secure software

    Exactly, and that is why everyone makes comments, because it is always (well, 9 out of 10 at a guess) a microsoft feature/bug that allows the viruses to spread like wildfire.

    Mark.

    --
    ---- There are 10 types of people in the world. Those that understand binary and those that don't
  12. Don't flame MS quite so hard for this one... by ArticulateArne · · Score: 3, Insightful

    Ok, I know that many worms have been propagated through MS LookOut, etc, through the years, and I've been on the sysadmin end of shutting them down and cleaning them up. But, you can't blame MS quite so much for this one. For one thing, the vulnerability has been patched for an entire year, so anybody who is still vulnerable isn't really trying at all to stop it. For another thing, the security settings in Outlook XP (and I think 2K, IIRC) are much stricter by default. I've actually opened these klez emails, but Outlook won't display them. It says something about having HTML that it won't display, or something to that effect. It also won't do .exes, .mdbs, etc without a registry modification, which has annoyed me on occasion, but is doubtless much safer than the previous way of doing things.

    Let the flames begin.

  13. Fool! use IMAP by benploni · · Score: 5, Insightful

    IMAP would allow you to get all the email, minus the attachments. You can pick which attachments you want. People, read the IMAP spec. It offers so much that people don't take advantage of.

  14. Re:Mailing-lists by tswinzig · · Score: 3, Insightful

    Isn't that a bit like holding Napster responsible for all theft of music that happens on its systems, or the manufacturers of CD-RW drives for all software piracy done on their machines? That's the argument used by the supporters of DMCA and other nasty bills that outlaw fair use.

    If Microsoft hadn't enabled braindead default settings in Outlook/Outlook Express, things wouldn't be as bad as they are. Most of these viruses exploit holes in versions of Outlook/OE that are very popular. Sure, there are patches, but try getting people to install them. Then they have to reinstall Windows for some reason, they put OE or Outlook back on, and leave it unpatched.

    Microsoft will continue to get hammered over this until Outlook XP and subsequent versions reach critical mass, because those versions have some sane defaults (including not allowing any access to executable attachments finally!).

    --

    "And like that ... he's gone."

  15. obscure?? by www.sorehands.com · · Score: 3, Insightful

    Just because you don't see it in the news does not mean that it is obscure. How many times do you see in the news, "Your electricity will have no problems today?" How many people did you tell, "my car started and ran fine without a problem?"

    Many ATMs and cash registers run OS/2, but you don't hear about it because there is no problem.

  16. Nobody blames the actions of a few evil priests. by Unknown+Poltroon · · Score: 2, Insightful

    What they are blaming is that the entire church as an organization tried to cover this up in a way that perpetuated the problem. The organization deserves all the ridicule and disgust they're getting for that.

    --
    All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.

  17. Re:Yet another reason by Anonymous Coward · · Score: 1, Insightful

    If we all used Linux, it would only be a matter of time before Linux viruses started appearing. Granted, they would be much less effective, and many people wouldn't be bothered at all, but there will always be people who don't update virus defs., use a firewall, etc.
    The vast majority of viruses are Windows-based because that's what most of the world uses.

  18. Re:f-prot and perl solved my problems by ScoLgo · · Score: 4, Insightful

    After I got burned a few times by Norton coming out with an upgrade 2 hours AFTER I got infected, I stopped relying on it.

    This is the whole problem with anti-virus software. Your best defense is your brain, not relying on someone else to write a defense program for you.

    I have a novice friend who recently asked me about viruses. He runs Win98, IE5, OE5. I helped him with security settings and explained the significance of file extensions to him. Even my beginner buddy easily understood that having a secondary extension on an e-mail attachment is a red flag to not open that attachment. That knowledge, along with some logical security settings, (scripting host 'off', please), is your best defense against these viruses. My brother-in-law OTOH, opened a virus recently and is waiting for me to come over and clean it off for him. It's an 80-mile drive so I think I'll let him stew for a couple days. Hopefully, he's learned his lesson.

    Sidebar - One of the biggest complaints I have about the default Windows install is that it hides extensions of known file types. Who was the genius at Microsoft that made that decision?

    --
    "Michael, I did nothing. I did absolutely nothing - and it was everything that I thought it could be."
  19. Re:Mailing-lists by ewhac · · Score: 3, Insightful

    Isn't that a bit like holding Napster responsible for all theft of music that happens on its systems, or the manufacturers of CD-RW drives for all software piracy done on their machines?

    No, it's not.

    "Those who do not understand UNIX are doomed to reinvent it, poorly."
    -- Henry Spencer

    Computer science and computer security experts have been saying for years that Micros~1 hasn't got the first fscking clue when it comes to writing solid, reliable, secure code. This despite the fact that there have been several examples of, if not ideal solutions, good first approaches to the problem. Indeed, to create WinNT, Microsoft snarfed the VMS team from DEC, a bunch of guys who understood those principles.

    And yet, despite the mountains of examples both within and without the company, despite the millions of computers blue-screening every damned day, Microsoft willfully persists in making the same stupid mistakes.

    As is well-known, Word macro viruses were a big problem in years past. This was because Microsoft made a series of impossibly moronic decisions:

    • To incorporate a macro facility into Word directly (rather than as an external engine driven by IPC protocols, where access controls can be applied in a uniform manner),
    • To embed the macros into the Word documents directly, rather than as separate macro files (thus making it impossible for the user to distinguish between a normal document and an "active" one),
    • To set the default condition to run the macros automatically upon document loading, without informing the user,
    • To, by default, not inform the user that any of this idiocy was going on.

    Okay, fine, so Microsoft got bitten by their would-be cleverness, but they cleaned up their act, right? They learned their lesson, right?

    No. Not only did they refuse to acknowledge that they had fscked up royally, they went and deliberately committed the same errors again and again:

    • Not only does IE uncritically implement JavaScript, it also throws in Visual Basic scripting and ActiveX, all of which are turned on by default. This condition is identical to that which propagated the Word macro virus fiasco. Even their "secure" execution environments haven't prevented hostile Web sites from hijacking the browser.
    • Outlook likewise, without user intervention, will extract and launch embedded content while simultaneously hiding it from the user. The damn thing doesn't even check to make sure the MIME type and the filename extension are consistent.

    There's a term for this kind of behavior: Willful negligence. Oh, you can point out that there are security update downloads. But you can't ignore the fact that, if Microsoft had followed basic security principles, if they had learned from their own history -- hell, if they'd even extended common courtesy to their users -- this sort of thing wouldn't have happened in the first place.

    This isn't an honest mistake. This is a pattern with over twenty years of history behind it.

    Any responsibility borne by Microsoft is equalled by the responsibility borne by those users who don't apply security updates and don't run up-to-date firewall and virus checking software.

    I agree that uneducated users are a big problem. But, especially with the advent of broadband connectivity, what Microsoft has effectively done is to give a loaded Uzi with the safety off to eight-year-olds, and then fail to train them in its use or even tell them where the safety lock is.

    Microsoft touts its products as turnkey, ready-to-go, fire-and-forget, no setup, no configuration, no need to learn computer-ese, just sit down and become productive immediately. This is misleading in the extreme. Training is required; proper configuration is required (because Microsoft keeps setting the defaults wrong). As such, I feel Microsoft bears a significant burden of responsibility for the havoc their software has wreaked on the Internet.

    Schwab

  20. Re:Save your bandwidth by leviramsey · · Score: 2, Insightful

    Uh, multiply the 6.3 minutes by 8. You're dividing 2 megabytes by 53 kilobits per second.

  21. This must be a great deal for spammers by Anonymous Coward · · Score: 1, Insightful

    I'll bet that anyone who's a spammer is harvesting all these *genuine* e-mail addresses that are floating around on the net because of this virus.

  22. Virus Payload Also EMails Random Documents by Anonymous Coward · · Score: 1, Insightful

    A linked article on the Wired site states:

    "...there was a new and "very interesting" feature included. Anti-viral experts said they'd yet to identify anything particularly interesting."

    What it does is email random documents on the infected machine or on mapped drives(!) as attachments to go along with the attached virus code. In a business environment where you have customers in your address book, it can be very embarrassing to be sending internal mail, spreadsheets etc. to them. What makes it all the worse is that unless the email receiver clues you in to what was received, you have no idea what was sent.

    I just spent the last two days fighting this virus in a 125 seat company. Although in the end only a half dozen boxes were infected, the impression end users got was that the virus was on everybody's computer.

    It was easy to find the infected computers once I realized that the "REPLY-TO" address in the header reflected the actual sender.
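
As an added example (not code from the thread or from any of its posters), a Python triage script that applies the red flags raised in this discussion: the double file extension from comment 18, the point in comment 19 that an attachment's declared MIME type and its filename extension should agree, and this comment's observation that the Reply-To header pointed at the actual sender. Both messages it parses are constructed; the host names and addresses are placeholders, and the Reply-To check is a triage hint for an admin hunting infected boxes, not proof of origin.

```python
import email
import mimetypes
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real capture): From claims to be a parish
# mailbox, Reply-To points elsewhere, and the attachment has a double
# extension whose declared Content-Type does not match its name.
SUSPECT_EML = """\
From: Father Smith <fr.smith@parish.example>
Reply-To: jdoe@home-pc.example
Subject: a funny website
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: audio/x-wav; name="photo.jpg.exe"
Content-Disposition: attachment; filename="photo.jpg.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--sep--
"""

# Constructed benign message: no Reply-To, and a PDF whose declared type
# agrees with its single extension.
BENIGN_EML = """\
From: alice@example.org
Subject: invoice
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--sep--
"""

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "bat", "com", "cmd", "vbs", "js"}

def sender_mismatch(msg):
    """Return (from_addr, reply_to) when Reply-To names a different mailbox
    than From, else None (comment 22 above saw Reply-To reveal the real
    sender on Klez traffic; treat it as a triage hint, not proof)."""
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply_to and reply_to != from_addr:
        return from_addr, reply_to
    return None

def attachment_flags(part):
    """Flags for one attachment: double extension, executable type, and a
    declared Content-Type that disagrees with what the filename implies."""
    flags = []
    name = (part.get_filename() or "").lower()
    pieces = name.split(".")
    if len(pieces) > 2:
        flags.append("double-extension")
    if pieces[-1] in EXECUTABLE_EXTS:
        flags.append("executable")
    implied, _ = mimetypes.guess_type(name)
    declared = part.get_content_type()
    if implied and implied != declared:
        flags.append("mime-mismatch:%s!=%s" % (declared, implied))
    return flags

def triage(raw):
    """Parse a raw message and return the findings as a dict."""
    msg = email.message_from_string(raw, policy=policy.default)
    report = {"sender_mismatch": sender_mismatch(msg), "attachments": {}}
    for part in msg.iter_attachments():
        report["attachments"][part.get_filename()] = attachment_flags(part)
    return report

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT_EML), ("benign", BENIGN_EML)):
        print(label, triage(raw))
```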

  23. The cost of viruses, worms, and spam by gujo-odori · · Score: 4, Insightful

    I'm a sysadmin at an ISP, and we have been filtering Klez inbound and outbound for 13 days, and the load basically hasn't tapered off at all. Since we started the Klez filter (thank you, Exim!) the number of bounces in our postmaster box doubled and show no real signs of slowing up.

    That is a lot of bounces because we also filter on SirCam (still see some of those every day), use several RBLs, and have extensive local spam filters and reject lists, as well as optional spam filters for Korean-encoded and Chinese-encoded mail (just rolled them out and over 800 customers have started using them already).

    The cost of this is a lot of wasted bandwidth consumed by spam, worms, and viruses, in hardware (we run 4 MXes where two would otherwise suffice, because of the filtering load), and the countless hours we spend each week on defending our mail system and our customers from all this crap.

    Besides the usual suspects (MS for their security holes, users for their laxness on applying updates, and the virus writers themselves), I also have to blame a lot of administrators for this. Mail admins, listen up! You KNOW Klez is out there and you KNOW it's going through your systems. You probably have a ton of captive specimens of it. Start filtering it inbound and outbound. You're not only helping other admins to control this problem, you're helping yourself.

    And let's all be thankful that virus writers and spamware writers come from two camps that aren't likely to like each other, because if they got together and wrote a worm that silently propagated itself and turned Windows boxes into selectively open relays for use by the spammer/authors, that would be a real problem. The scary part is that it wouldn't be all that hard. The worms already have their own SMTP engines these days. The leap is small. Let's hope they don't make it, but let's think about how we're going to control it when they do.

    Line of defense number 1: ISPs - if you don't already block port 25 in/out from your dial pools (requiring your dial users to smarthost through your outbound SMTP or send through it directly), start NOW. The ass you save will be your own. If we all do this (my employer has done this for years) we will cut off spam.

  24. Remember the WTC? by Macrobat · · Score: 3, Insightful

    As a matter of fact, it's kind of hard for me to think of any recent major wars which were caused by religion.

    Ummm...remember that gaping hole where the World Trade Center used to be? It was caused by men who thought they were on a mission from God. We're at war because of them.

    And you don't remember any religious persecution going on during World War II? None? I dare say, without his anti-Semitic rhetoric, Hitler might never have come to power. And the Japanese believed in the divinity of their emperor, too--the word "kamikaze" means "divine wind."

    At least part of the Arab-Israeli conflict is religious in nature. You just don't see a lot of atheist suicide bombers. A lot of "ethnic cleansing" is done along religious lines as well.

    The expansion of European nations into the Americas was often justified under the aegis of "divine right."

    That's not to mention the religious rhetoric that's used to get men to go to war. Ever hear the song "Onward Christian Soldiers?"

    So the original poster might be a little bold about his statistics...but don't fool yourself into thinking religions have their hands clean, even today.

    --
    "Hardly used" will not fetch you a better price for your brain.
  25. Re:Pornographic attachments from priests? by Daengbo · · Score: 2, Insightful

    religion is the cause of 90% of all wars.

    I think what you mean to say is "Religion is used as a pretext to start 90% of all wars." It's really about selfish ambition. The Crusades were about land and loot, not christianity, and Osama uses islam to further his call. Kind of the same way some humanists use science to bring down hate upon people who are religious. The core texts of every major religion preach peace. People, however, suck.
  26. Re:Mailing-lists by imroy · · Score: 2, Insightful

    Very well said Schwab. This is what I've been thinking and talking about recently. All these security problems with M$ software aren't simply little "oops, I forgot to check that variable"-level programmer errors. These are BIG design problems. Virus checkers are really a band-aid solution to a problem that needs serious attention.