Slashdot Mirror

← Back to Stories (view on slashdot.org)

Klez, The Virus that Keeps on Giving

Posted by CmdrTaco on from the isnt-that-special dept.

kylus writes "Wired is running a story about the continued escapades of the Klez virus, and the damage--both to finances and reputations--that it is leaving behind. Between emails from a dead friend and porno spam appearing to be sent from a priest, I think "Don't Believe the 'From' Line" is the correct lesson." God bless microsoft email viruses. I'm on a modem for a few weeks and downloading countless megs of mail viruses is extremely frusterating. Course I'm still getting sircams.

13 of 683 comments (clear)

  1. Worse than porn spam from a priest... by brooks_talley · · Score: 4, Insightful

    Try operating a legit, non-spamming adult site that's worked hard for years to get a decent reputation, only to have klez emails that appear to come from your customer support email address.

    People are going to believe a priest when it's explained that it was a virus; nobody is going to believe a legit company that's operating in an industry where so much spam originates.

    Argh.
    -b

  2. Re:Scripts by grahamsz · · Score: 4, Insightful

    So targetted marketing campaigns can track which users look at what and for how long.

  3. The average user? by marekk · · Score: 5, Insightful
    From the Wired article:
    "Anytime you have a virus that is not easily identifiable visually, it tends to linger," Rod Fewster, Australian representative for antiviral application NOD32, said. "SirCam and Klez both vary the subject lines of the e-mails they send, which makes it hard for the average user to spot."
    Unfortunately, I'm sure the average user can't spot any e-mail viruses, let alone ones that change their subject line. While Outlook/Outlook Express greatly facilitates the spread of these viruses, a large part of the problem lies in the fact that too many people click on attachments and/or don't run proactive AntiVirus software on their system.
  4. Re:Using open relays to boot by trix_e · · Score: 4, Insightful
    Last thing is that I hate the Corporates assigning a value on a virus. 10 billion done by Melissa. OK. Show me the physical harm done to your computers.


    it's not the *physical* harm... it's the freaking man-years of time that is wasted. IT departments are strapped enough as it is, but then lump on top of that all of the time spent chasing crap like this down, and it *is* a strain on resources (bandwidth, server drive space, and the valuable attention it takes to diagnose and resolve a particular problem). The cost is real. Whether it's $10B or not, I have no idea, but it certainly isn't trivial.

    --
    No man is an island, but Gary is a city in Indiana.
  5. Re: Really, how common are these things? by ttyp0 · · Score: 5, Insightful

    Quite common. If you just sit and post on slashdot all day, then no, you probably aren't much of a target for virii. However, I run 3 large websites, active on 10 mailing lists and send close to 50 emails a day. My email address is spread all over the Internet like a bad case of herpes. In return I get close to 30 - 40 infected emails a day. That was before I installed a virus scanner on my mail server.

  6. Re:Pornographic attachments from priests? by xZAQx · · Score: 5, Insightful

    Pretty funny.

    Keep in mind the hundreds of priests now being wrongfully prosecuted due to a stererotype that is spreading like wildfire. Bear in mind how it is ruining their lives.

    I love how on slashdot, insults and slander made about religion are modded as funny, yet if I were to say, "Porn from black people? What was it, pictures of fried chicken?" I'd be modded as a troll. It's all ignorance; it's all slander; it's all hatred. Stop modding self-righteous science-worshipping trolls like the parent up.

    Although, I'm sure that now I'll be modded as a troll. Whatever.

    Dare to think for yourself.

    --

    We dance to all the wrong songs.
    --Refused.
  7. Re:Mailing-lists by gwernol · · Score: 4, Insightful

    Thanks a lot to Microsoft for being responsible of the most annoying viruses so far.

    Isn't that a bit like holding Napster responsible for all theft of music that happens on its systems, or the manufacturers of CD-RW drives for all software piracy done on their machines? That's the argument used by the supporters of DCMA and other nasty bills that outlaw fair use.

    The scum-wad(s) who wrote the virus are responsible for its actions. Microsoft should do a better job of writing secure software, but the primary responsibility lies with the virus writer. Any responsibility born by Microsoft is equalled by the responsibility born by those users who don't apply security updates and don't run up-to-date firewall and virus checking software.

    --
    Sailing over the event horizon
  8. The real solution by pmz · · Score: 4, Insightful

    is for the World to begin the arduous and expensive task of removing Microsoft software from their computers.

    The first step is to eliminate Outlook for e-mail. There are other options, even Emacs, that really aren't too user unfriendly.

    The second step is to eliminate Office for shared documents. There are other options, perhaps Open Office, that will be less prone to viruses and will be more maintainable over time.

    The third step is to begin evaluating other operating systems besides Windows. This is harder, because it will be difficult to replace all the software that was useful in Windows. Over time, however, a fairly comprehensive list can be developed, and a plan can be made to make the switch to a non-Windows OS.

    The fourth step is to take the plunge and dump Windows entirely. This may be the hardest step, because this is where the most learning needs to take place. But it is just a matter of time before users adapt to the new environment.

    This is what I have been doing at home and know it isn't easy to make a full transition. However, I have found adequate replacements for nearly everything and am pretty satisfied with the results.

    This doesn't have to be an all-Free-all-the-time solution, either, because there really is a way to mix open and closed software to meet your needs. It just takes research, time, and patience to find that Microsoft really doesn't rule the world at all--they just want us to think they do.

    --
    Healthcare article at Kuro5hin
  9. I'm impressed. by EvilNight · · Score: 5, Insightful

    The person who wrote this spent some time thinking of the way to do the most damage. This virus nails you to the wall the instant it infects someone who just has your email address. That was some vicious thinking. The problems caused by this virus actually extend into social engineering. Pure genius.

    Makes you wonder what else they'll come up with...

    Maybe someday we'll have security, and patch this sort of thing...

    --
    Hell is being intelligent in a world full of idiots.
  10. Another argument for CONFIRMING list subscribe by Seth+Finkelstein · · Score: 5, Insightful
    Quoth the article:

    People signing up for newsletters and mailing lists that they never subscribed to has been a major source of frustration for both users and the list owners.

    If Klez happens to send an e-mail "from" a user to an e-mail list's automatic subscribe address, the list software assumes the e-mail is a valid subscription request and begins sending mail to the user.

    This is another reason why all lists should confirm subscriptions. I'm seeing the Klem-virus beating on my own mailing list, and I'm very glad I spent the time to get the software to do confirmations of subscriptions.

    Sig: What Happened To The Censorware Project (censorware.org)

  11. Fool! use IMAP by benploni · · Score: 5, Insightful

    IMAP would allow to get all the email, minus the atachments. You can pick which attachments you want. People, read the IMAP spec. It offers so much that ppl dont take advantage of.

  12. Re:f-prot and perl solved my problems by ScoLgo · · Score: 4, Insightful

    After I got burned a few times by Norton coming out with an upgrade 2 hours AFTER I got infected, I stopped relying on it.

    This is the whole problem with anti-virus software. Your best defense is your brain, not relying on someone else to write a defense program for you.

    I have a novice friend who recently asked me about viruses. He runs Win98, IE5, OE5. I helped him with security settings and explained the significance of file extensions to him. Even my beginner buddy easily understood that having a secondary extension on an e-mail attachment is a red flag to not open that attachment. That knowledge, along with some logical security settings, (scripting host 'off', please), is your best defense against these viruses. My brother-in-law OTOH, opened a virus recently and is waiting for me to come over and clean it off for him. It's an 80-mile drive so I think I'll let him stew for a couple days. Hopefully, he's learned his lesson.

    Sidebar - One of the biggest complaints I have about the default Windows install is that it hides extensions of known file types. Who was the genius at Microsoft that made that decision?

    --
    "Michael, I did nothing. I did absolutely nothing - and it was everything that I thought it could be."
  13. The cost of viruses, worms, and spam by gujo-odori · · Score: 4, Insightful

    I'm a sysadmin at an ISP, and we have been filtering Klez inbound and outbound for 13 days, and the load basically hasn't tapered off at all. Since we started the Klez filter (thank you, Exim!) the number of bounces in our postmaster box doubled and show no real signs of slowing up.

    That is a lot of bounces because we also filter on SirCam (still see some of those everyday), use several RBLs, and have extensive local spam filters and reject lists, as well as optional spam filters for Korean-encoded and Chinese-encoded mail (just rolled them out and over 800 customers have started using them already).

    The cost of this is a lot of wasted bandwidth consumed by spam, worms, and viruses, in hardware (we run 4 MXes where two would otherwise suffice, because of the filtering load), and the countless hours we spend each week on defending our mail system and our customers from all this crap.

    Besides the usual suspects (MS for their security holes, users for their laxness on applying updates, and the virus writers themselves), I also have to blame a lot of adminstrators for this. Mail admins, listen up! You KNOW Klez is out there and you KNOW it's going through your systems. You probably have a ton of captive specimens of it. Start filtering it inbound and outbound. You're not only helping other admins to control this problem, you're helping yourself.

    And let's all be thankful that virus writers and spamware writers come from two camps that aren't likely to like each other, because if they got together and wrote a worm that silently propagated itself and turned Windows boxes into selectively open relays for use by the spammer/authors, that would be a real problem. The scary part is that it wouldn't be all that hard. The worms already have their own SMTP engines these days. The leap is small. Let's hope they don't make it, but let's think about how we're going to control it when they do.

    Line of defense number 1: ISPs - if you don't already block port 25 in/out from your dial pools (requiring your dial users to smarthost through your outbound SMTP or send through it directly), start NOW. The ass you save will be your own. If we all do this (my employer has done this for years) we will cut off spam.