Klez, The Virus that Keeps on Giving
kylus writes "Wired is running a story about the continued escapades of the Klez virus, and the damage--both to finances and reputations--that it is leaving behind. Between emails from a dead friend and porno spam appearing to be sent from a priest, I think "Don't Believe the 'From' Line" is the correct lesson."
God bless microsoft email viruses. I'm on a modem for a few weeks and downloading
countless megs of mail viruses is extremely frustrating. Course I'm still
getting sircams.
May they spend the rest of eternity having to listen to Oral Roberts sermons
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
Hrm, I can't think of any practical uses of scripting in emails anyway. Can anyone help me out?
Try operating a legit, non-spamming adult site that's worked hard for years to get a decent reputation, only to have klez emails that appear to come from your customer support email address.
People are going to believe a priest when it's explained that it was a virus; nobody is going to believe a legit company that's operating in an industry where so much spam originates.
Argh.
-b
After getting infected with sircam (My McAfee wasn't updating or scanning properly for some reason) I decided to say screw it, and start scanning email on my server. Now, anything that comes in, gets scanned first. If f-prot can't find anything, then it gets delivered, otherwise it never shows up in my inbox. If you want a look at what I did, check out my scanner.
telnet mail.xyz.com 110
:)
;)
user (username)
pass (password)
list
top (number of message to check) (kb to read)
dele (message to delete)
retr (number of message to read entirely)
quit
Quicker, cheaper, easier. This was one of the best tips I got from a friendly sysadmin.
Of course, I would ask why CmdrTaco didn't check the RFC, but hey, who am I to question slashdot's leader?
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
They infect or have infected 7.2% of all computers. (more than any other virii)
A windows version for cleaning your pc of Klez. (and removes Nimda, Melissa, etc.)
The number of virus alerts I get from my mail gateway has been inundated with Klez for the last week or so. Identifying remote infections was at least possible with Magistr variants, as it only did minor iterative changes to email addresses. Klez lives on an entirely different stratum of nuisance.
"Course I'm still getting sircams"
I've been working for 2.5 years for a company that uses Exchange and Outlook. Most of my friends and colleagues use Outlook or Outlook Express at work and home, although I still use Netscape for personal stuff. I've received 2 email viri ever, and neither of them were the "common" ones like Melissa or SirCam. It leaves me wondering if people are making a big fuss out of nothing, and being a bit sensationalist or simply an anti-Microsoft bigot.
Works wonders
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatantly stolen sig)
The worst thing about that virus is that it has massively hit a lot of mailing-lists.
Interesting threads on mailing lists died because of this. People got insulted although they didn't send anything. A lot of people unsubscribed from mailing-lists due to this.
So people installed antivirus software, personal firewalls, etc. The result was that on mailing lists, instead of having tons of viruses, we got tons of "alert: you have sent a virus, it has been removed by our robot", that is as frustrating as the original virus.
Thanks a lot to Microsoft for being responsible for the most annoying viruses so far.
{{.sig}}
to use a Mac.
(-1, Raw and Uncut is the only way to read)
The patch that prevents this has been out for over a year now. It's downloadable here. Microsoft included the patch with IE6 and IE5 SP2, so if you have either, you don't need it.
Good dose of blame goes all around here.
I've finally had it: until slashdot gets article moderation, I am not coming back.
Klez passed through my work a ways back and ever since then we've all been getting all kinds of spam. From what we can figure, the virus replied to all kinds of spam with the From line set to everybody's email address, including mine. So even though I hardly ever give my email away except for work issues, I'm now inundated with spam. Makes me think that someday some spammer out there will write a virus solely to collect email addresses.
www.mailwasher.net
it's easy to use (imports your mail addresses directly from most popular mail clients), scans the mail server and gives warnings on possible virii and spam. As a bonus, it not only lets you delete messages on the server before you download them to your email program, it also lets you send back fake bounces to spammers.
the interface isn't quite as nice as i'd like, but it does the job.
Moral indignation is jealousy with a halo - H. G. Wells
A week or so I start getting all these emails from different mailbox administrators, etc. informing me that emails I was trying to send had invalid addresses.
I'm looking at them and it shows my address in the from area and it was mostly spam for bestiality sites. My wife went ballistic.
I got tons of them back as undeliverable. How many made it through? And now people think I was sending them spam for a porn site.
They were coming back to my wife's WIN98 machine, so she called MS. The help desk chick tells her "Someone else has a virus and it is sending out emails w/your address" So my wife says "What do I do?" and they tell her to update her virus definitions. My wife said, "But you just told me that the virus is not on my computer, someone else has it. Is there nothing that I can do?" the girl says "Well download new virus definitions and check for service packs"
The whole thing was rather humorous.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Ever since we stopped allowing people to receive executable attachments (thanks to MIMEdefang!), the virii have all but disappeared. There is no need to scan for virii on a mail server. Just get rid of executable attachments (there's a big list of them in MIMEdefang's example configuration). All these trojans use stupid Outlook auto-execute tricks/bugs/features to propagate. Executables shouldn't be sent as a direct attachment anyway. Either wrap it up in a zip file (the recipient has no excuse when he infects himself) or put it up on the ftp site and send a URL. This has got to be one of the basic elements of securing a network where Outlook users lurk - no executable attachments (picture Joan Crawford on a rampage).
MIMEdefang also gives us the ability to call Mail::Spamassassin from a sendmail Milter, something Spamassassin itself does not yet support. The latest version also supports the File::Scan module for writing virus scanners in perl.
Edith Keeler Must Die
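The attachment-blocking policy described in the comment above, sketched as an added example (not part of the original thread, and not MIMEDefang's own code or configuration). The extension list, function names and the three sample messages are constructed assumptions for illustration.

```python
import email
from email import policy
from email.utils import collapse_rfc2231_value

# Assumed sample list for illustration; not MIMEDefang's shipped list.
BLOCKED_EXTENSIONS = frozenset(
    {".exe", ".scr", ".pif", ".bat", ".com", ".cmd", ".vbs", ".js", ".lnk", ".hta"})
MEDIA_MAINTYPES = frozenset({"audio", "image", "video", "text"})


def advertised_names(part):
    """Return every filename a MIME part advertises, without duplicates.

    A client may take the name from Content-Disposition (filename=) or from
    Content-Type (name=), and the two can differ, so both are checked.
    """
    names = []
    for param, header in (("filename", "content-disposition"), ("name", "content-type")):
        value = part.get_param(param, header=header)
        if value is None:
            continue
        name = collapse_rfc2231_value(value).strip()
        if name and name not in names:
            names.append(name)
    return names


def blocked_extension(name):
    """Return the blocked extension of name, or None if it is allowed."""
    # Windows ignores trailing dots and spaces, so "x.scr." is treated as x.scr.
    cleaned = name.rstrip(" .").lower()
    if "." not in cleaned:
        return None
    ext = "." + cleaned.rpartition(".")[2]  # last extension wins: a.jpg.scr -> .scr
    return ext if ext in BLOCKED_EXTENSIONS else None


def scan_message(raw):
    """Return (filename, declared type, reason) for each blocked attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also descends into forwarded/bounced messages
        for name in advertised_names(part):
            if blocked_extension(name) is None:
                continue
            reason = "executable attachment"
            if part.get_content_maintype() in MEDIA_MAINTYPES:
                reason = "executable name under media type"
            findings.append((name, part.get_content_type(), reason))
    return findings


def verdict(raw):
    return "reject" if scan_message(raw) else "deliver"


# Constructed sample: executable name declared as an audio part.
SAMPLE_MISMATCH = b"""\
From: friend@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>hello</body></html>
--b1
Content-Type: audio/x-wav; name="readme.exe"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXIgYnl0ZXM=
--b1--
"""

# Constructed sample: bounce that wraps the original message and its attachment.
SAMPLE_BOUNCE = b"""\
From: postmaster@example.net
Subject: constructed bounce
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

Your message could not be delivered.
--outer
Content-Type: message/rfc822

From: someone@example.org
Subject: inner
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="inner"

--inner
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="holiday.jpg.scr."

eA==
--inner--
--outer--
"""

# Constructed sample: zip attachment, which this policy lets through.
SAMPLE_ZIP = b"""\
From: colleague@example.org
Subject: constructed clean sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="z"

--z
Content-Type: text/plain

Tool attached.
--z
Content-Type: application/zip; name="tool.zip"
Content-Disposition: attachment; filename="tool.zip"

UEs=
--z--
"""

if __name__ == "__main__":
    for label, raw in (("mismatch", SAMPLE_MISMATCH), ("bounce", SAMPLE_BOUNCE), ("zip", SAMPLE_ZIP)):
        print(label, verdict(raw), scan_message(raw))
```

The zip sample is delivered because the policy in the comment only refuses direct executable attachments; archive contents are not inspected here.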
http://www.ultrafunk.com/products/popcorn/ is the website for the program.
I have nothing to do with the program or its development, I'm just a happy user.
it's not the *physical* harm... it's the freaking man-years of time that is wasted. IT departments are strapped enough as it is, but then lump on top of that all of the time spent chasing crap like this down, and it *is* a strain on resources (bandwidth, server drive space, and the valuable attention it takes to diagnose and resolve a particular problem). The cost is real. Whether it's $10B or not, I have no idea, but it certainly isn't trivial.
No man is an island, but Gary is a city in Indiana.
We got hit by Klez (AMG; allmusic.com). Let me tell you, it SUCKED. This was a really potent virus. It got in through our video department (somebody opened an email...) and from there, it spread through some shared network apps. Within an hour or so, virtually everyone was toasted.
Since this one spread through exe's, and since it was one strain of like 20 different Klez variants, cleaning was a real bitch. Luckily, I'm in programming, so I didn't have to do much of the visit-everyone's-machine thing. I did have to format my box, tho, as all my applications (including system apps) were hosed.
mike feldkamp
I've been getting lots of Klez.
It is Yet Another virus that is grabbing email addresses from browser caches, as far as I can tell.
I have taken new measures to shield my email address from ending up in a browser cache, e.g. setting META no-cache directives.
I love KLEZ.G. I had Trend Micro's evaluation corporate scanner installed for the last month and still got infected by it. I'm now using Sophos which cleans it, but the virus seems to corrupt a DLL upon first use so after installation I go to safe mode and run the scanner with 'DELETE'. KLEZ.G overwrites the exe instead of just 'patching' it so there is no disinfection. Bugger of a virus to deal with, and my office (we're a management company) has infected some of the hotels we manage. Luckily our video stores run DOS and an email program which doesn't allow/use attachments.
McAfee didn't say anything about this virus either, though I'll admit our virus files are from early this year.
I've now set all the outlook express clients to run in restricted security mode now, though, so we likely won't have much more of a problem in the future. Didn't infect Outlook, though, and obviously didn't infect other clients.
-Adam
I bet these people will be raided very soon by the FBI.
Ergonomica Auctorita Illico!
MIMEDefang
stopped Klez cold at my clients' sites.
Just when you thought amavis was the cure for the odd little virus the odd little user would pass along, here comes Klez.H. Our helpdesk account receives 200+ "WARNING VIRUS IN MAIL ADDRESSED TO YOU" from amavisd. Yesterday, as I am on the security bitch list, I get a call from a "Senior Security Admin" for the Naval Intelligence Service (is there such a thing???). He was complaining that their sensitive e-mail accounts were getting hundreds of e-mails from foobar.edu e-mail addresses and that we need to put a stop to it. Take clue-by-four from scabbard. Take aim. Beat. This cat didn't even know what the Klez virus is and claims to be a security maven for the military. WTFE. After he yelled at me for lecturing him on how to read e-mail headers, he asked me what the solution was. Simple: ban the use of Outlook. Huff. Huff. Huff. "We can't do that! We have a contract with Microsoft."
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
The plural of virus is neither viri nor virii, nor even vira nor virora. It is quite simply viruses, irrespective of context. Here's why.
Pretty funny.
Keep in mind the hundreds of priests now being wrongfully prosecuted due to a stereotype that is spreading like wildfire. Bear in mind how it is ruining their lives.
I love how on slashdot, insults and slander made about religion are modded as funny, yet if I were to say, "Porn from black people? What was it, pictures of fried chicken?" I'd be modded as a troll. It's all ignorance; it's all slander; it's all hatred. Stop modding self-righteous science-worshipping trolls like the parent up.
Although, I'm sure that now I'll be modded as a troll. Whatever.
Dare to think for yourself.
We dance to all the wrong songs.
--Refused.
Unfortunately Microsoft can't take ALL the blame for the problems of Klez... The SMTP itself is inherently insecure to begin with and anyone can send mail that looks like it is from anyone else. Of course you can deduce that the mail is probably not from the source it says it is by tracing the SMTP headers back, but that's esoteric geek knowledge that not many people have relative to the total number of people who use email.
We just finished replacing GroupWise 5.5 with Exchange 2000 at work (Fortune 1000 global company) 3 weeks ago. We run Norton AV Corporate (push down new defs the minute they come out). We are running Win2k 75%, Win95 25%. All Win2k machines are SP2 and Feb 2002 security update. We haven't seen *1* instance of this lovely virus at the desktop. Actually, we haven't seen an email virus strike yet (crossing fingers). Hire good people, you get good results. Jason
Ever feel like you are driving the getaway car?
is for the World to begin the arduous and expensive task of removing Microsoft software from their computers.
The first step is to eliminate Outlook for e-mail. There are other options, even Emacs, that really aren't too user unfriendly.
The second step is to eliminate Office for shared documents. There are other options, perhaps Open Office, that will be less prone to viruses and will be more maintainable over time.
The third step is to begin evaluating other operating systems besides Windows. This is harder, because it will be difficult to replace all the software that was useful in Windows. Over time, however, a fairly comprehensive list can be developed, and a plan can be made to make the switch to a non-Windows OS.
The fourth step is to take the plunge and dump Windows entirely. This may be the hardest step, because this is where the most learning needs to take place. But it is just a matter of time before users adapt to the new environment.
This is what I have been doing at home and know it isn't easy to make a full transition. However, I have found adequate replacements for nearly everything and am pretty satisfied with the results.
This doesn't have to be an all-Free-all-the-time solution, either, because there really is a way to mix open and closed software to meet your needs. It just takes research, time, and patience to find that Microsoft really doesn't rule the world at all--they just want us to think they do.
Healthcare article at Kuro5hin
...but luckily we aren't affected since our Exchange server has quarantined each email with said virii.
And for more redundancy, I'm also not affected at home - because I don't use OUTLOOK! I love Win2K, the .NET Framework, C#, WinCE, and my XBox. But who in the world would use such a POORLY DESIGNED email client at home? I've never been convinced about the whole "IE should be removed from Windows" nonsense, but I think that outlook should be considered a TROJAN and removed by virus programs.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
On one hand it's a shame that the virus flooded his mailboxes... but if he's using a free email account to conduct business then, well, he should know better. It's not like email accounts are all that expensive.
mark
If you want to make an apple pie from scratch, you must first create the universe. -- Carl Sagan
For work I communicate with a large number of Pakistani, Indian, and Middle Eastern students and student wanna-be types. I get flooded with whatever virus is current...
hmmm, that web interface looks suspiciously like squirrelmail.
IMAP Rules, plain and simple. Take an old PC, throw Debian on it, and use courier+postfix+squirrelmail+procmail+spamassassin+maildirs and all mail problems tend to disappear.
The person who wrote this spent some time thinking of the way to do the most damage. This virus nails you to the wall the instant it infects someone who just has your email address. That was some vicious thinking. The problems caused by this virus actually extend into social engineering. Pure genius.
Makes you wonder what else they'll come up with...
Maybe someday we'll have security, and patch this sort of thing...
Hell is being intelligent in a world full of idiots.
I've never had a virus, I have been clicking away at a console for over 20 years, I have owned a personal computer since 1978. I have never had a virus on my computer, knock on wood. It is I must say probably a combination of sheer dumb luck and the fact that I don't click on emails that say BRITTANYNAKEDPICS.EXE.....But so be it I am lucky.
That said my mom was in the same boat, the lan at her store has now 8 nodes and is pretty killer for a rare bookshop. Last Saturday I get a call, half afraid to tell me what's going on, the line is slow, this that the other come down and look. Frigging virus variants running amok. I can say my Aunt felt bad it was her and she knew it. Being a family diplomat in the brady bunch land family I live in, all I could say was "No, it's my fault for not keeping the AV server updated" then I realized the crap I just said so she wouldn't feel bad was true. They are firewalled to hell and back. They have AV clients on all the systems, and still they got nailed, why? human error. not hers, mine.
It was nothing to clean and had just started the night before. but we're talking a catalog of 250000 volumes at risk totaling over 4000 man hours of entry to create. Whew.....I lucked out, It wasn't corrupted (the most recent backup was 1 week ago) but they are spending over 150 hours per week cataloging all the volumes they have. It's tedious work all hand research and grading. Not like a first edition signed copy of "Steal this Book" is something that has an ISBN. (They actually put one on their front shelf, I said, hmm a 500$ book that says steal me on it, they walked over and grabbed it putting it in a safer location)
All this work could have been EASILY lost, but there was a recent backup and 2 the damage was minimal at the point I snagged it. The potential for disaster here was big. Until last week I would laugh when someone got a virus doing untold damage. I think this one hit a little closer to home, I am the protector and architect of their IT environment. Basically if it happens on your systems or systems you take care of it's your fault one way or another it's your fault.
Sig went tro...aahemmm.....fishing........
The real problem is that Klez is emailing itself from an infected machine to a flood of people using your and my email address in the From: line. Not only does this cause a ton of people to respond to you and me saying "you must have a virus" or thinking that we really think that this penis enlargement solution works (or that we need one) -- but, it distributes your email address to others who may potentially get infected themselves, who may in turn infect others. Next thing you know, your email address that you've been so diligent about keeping somewhat private is inundated with spam and viruses.
I also use Outlook, and I have had no viruses. I suspect the reason is that neither of us has any friends.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
I've used a ZX81 since 1982 and have never been infected by any virus.
Use of an obscure OS is not really a legitimate excuse.
That is what happens when you don't use protection
Yes. Remember. when you have unsafe email with
someone, you're having email with all the
other people that person's had unsafe email with...
or something like that.
Mod me down and I will become more powerful than you can possibly imagine...
Sig: What Happened To The Censorware Project (censorware.org)
I got infected by the Klez virus at least 15 years ago. I heard tapes of the Klezmer Conservatory Band, the Klezmatics, Brave Old World, and reissues of Dave Tarras recordings from the 20's and 30's. Believe me, it just gets worse. Last Saturday (after sunset), I was at a klez jam, about two dozen people playing clarinets, fiddles, accordions, etc., and it lasted well past midnight.
Makes it difficult to get up in the morning and go to church, I'll tell ya.
Haven't confessed it to any priest yet, though. I'm not sure I'd trust the priests here in the Boston area with such information.
There doesn't seem to be a cure, either. I don't know anyone who caught this one who ever got over it.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
The church has a bigger problem since it sat on allegations of criminal wrongdoing. Well-run companies punish employees who abuse their clients; the Catholic Church appears to have protected them, by avoiding publicity through payoffs and moves (without warning the receiving parishes) and not alerting civil authorities.
Only the dead have seen the end of war.
Call me lucky, but the last time my inbox received an e-mail virus was in 1999 (guess which virus it was. . . . Happy99, heh).
I believe it stems from not having complete idiots having me in their address books.
Smart friends == no virus' in email.
Hey, just out of question, what plurality of Virus are we supposed to use this week? Last time I was flamed for using virii, and I see flames over viri and virus' as well. This is getting waaay too annoying, it was so that awhile back pretty much everybody had agreed on virii (may not be historically proper but at least it ended the debate) but I want to know what {censored} started the debate back up again?
Need help treating your acne? Come here!
Keep in mind the hundreds of priests now being wrongfully prosecuted due to a stereotype that is spreading like wildfire. Bear in mind how it is ruining their lives. blah blah blah...
These "hundreds of priests" could have kept a good name if they had just policed themselves a little better. Because the Catholic church is not a democracy, they feel they are above laws that govern normal men. They give figures like it is only 1.5% of the priests doing this (figure from Meet The Press last Sunday), but that still means that it is 600 priests guilty of this. Assholes like Cardinal Law, who helped cover this up, and would just move them to a new place to continue molesting kids, deserve a nice span of time in jail as accessories to these crimes. The image of Cardinal Law being buttfucked by some skinhead in the shower would be a fitting punishment.
Unfortunately Microsoft can't take ALL the blame for the problems of Klez... The SMTP itself is inherently insecure to begin with and anyone can send mail that looks like it is from anyone else.
But only Microsoft provides a hands off and automagic way for somebody to take advantage of the insecurities in SMTP with little trouble.
That's what is so bad about these little episodes. SMTP has existed since the early 70's, yet e-mail borne viruses that take advantage of the SMTP header spoofing have only existed a few years.
Hmm.....
Do you have Linux and a DotPal? Click here now!
Klez was very slow to spread at the beginning. Even if for some odd reason someone STILL doesn't block dangerous attachment types, they should have updated their AV software by now. I mean, they all do it automatically. If you aren't blocking attachments and running a GOOD anti-virus software (I recommend Antigen for Exchange) you better get that resume ready.
It's a description of badtrans not klez.
I've been getting the weirdest little pictures from this latest virus. I dunno if they are swiped from someone's drive or part of the virus itself.
Running 100% MS software, off-the-shelf NAV, and good ol' 56k dial-up. ...No Klez, Nimda, Melissa, or any other damn virus... The trick? Very picky about who gets my email address, don't register for anything online, and am very particular about what software/files I download from the 'net. I am reading about you guys who are getting clobbered with multiples of thousands of hits and don't understand how you can live like that. Sorry to put the damper on the anti-MS guys, but that isn't the problem here; the users who don't update their virus sigs, don't pay attention to their email clients (what do you mean I have sent a bajillion messages?), and don't understand what the hell they are doing online to begin with (don't even get me started on opening attachments). This makes for great sensationalized news (OH MY GOD, ANOTHER VIRUS), but for true users, it is not news. Yeah, I am going to get modded to death here, but sick of the bitchin' and whinin' about viruses -- it is a price you pay to play.
...we are from the government - we are here to help...
We've actually chosen to stick with GroupWise 6 for this very reason.
Imagine if enron got infected with one of these worms?
-- If you try to fail and succeed, which have you done? - Uli's moose
OT I guess, but... a headline I saw recently:
Priests Decry Witch Hunt
All I could think was "What comes around..."
>Executables shouldn't be sent as a direct attachment anyway
Why not? email is a great way to distribute all sorts of binary files; send it off and forget it. No waiting for slow HTTP downloads.
Email programs that auto-execute received mail are broken! And users should not execute anything without knowing the sender. (And MS shouldn't disguise that clicking on something that looks like a JPEG is actually going to launch the program!) And why should I have to manually compress files before sending? Computers are supposed to make my life easier.
Gosh, we're being accused of ignorance and hatred by someone who appreciates (and may even be a member of) the Catholic Church.
I think we should appoint some inquisitors to research this.
--
E_NOSIG
Ok, I know that many worms have been propagated through MS LookOut, etc, through the years, and I've been on the sysadmin end of shutting them down and cleaning them up. But, you can't blame MS quite so much for this one. For one thing, the vulnerability has been patched for an entire year, so anybody who is still vulnerable isn't really trying at all to stop it. For another thing, the security settings in Outlook XP (and I think 2K, IIRC) are much stricter by default. I've actually opened these klez emails, but Outlook won't display them. It says something about having HTML that it won't display, or something to that effect. It also won't do .exes, .mdbs, etc without a registry modification, which has annoyed me on occasion, but is doubtless much safer than the previous way of doing things.
Let the flames begin.
...they'd be pictures of 8-year-old boys.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
IMAP would allow you to get all the email, minus the attachments. You can pick which attachments you want. People, read the IMAP spec. It offers so much that ppl don't take advantage of.
According to M$, if you use
IE 5.5 Service Pack 2 or IE 6, the MS01-027 patch is included.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
I'm using evolution as my mail client. I can't seem to come up with a clever filter that will remove the Klez emails I receive.
I guess it's just more of an annoyance, but if anyone knows of a good regex filter that I could use, it would be great!
I'll second the recommendation for The Bat. It rocks, and I gladly paid the registration fee.
ditto. It requires a brain and the ability to understand a few dialogs in the "security settings". Rules out about 80% of the population.
DO NOT DISTURB THE SE
Religion is the cause of 90% of all wars.
How many wars has science caused?
(cause is the key word)
THERE IS NO DATA. THERE IS O
Many ATMs and cash registers run OS/2, but you don't hear about it because there is no problem.
Fight Spammers!
I before E - except after C - when the sound is "ee."
:)
When the sound isn't "ee" you're on your own.
The image of Cardinal Law being buttfucked by some skinhead in the shower would be a fitting punishment.
This is the kind of stuff that gets +1, Insightful nowadays?
The parent post was talking about those wrongfully accused of these acts, not those who are guilty of it. Or do you think everyone who is accused is guilty? (Would such a post get +5, Insightful, too?)
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
.....Any of the posts today at slashdot. They are all either from dead slashdot readers or are from priests! I checked them all out!!!!!!
What they are blaming is that the entire church as an organization tried to cover this up in a way that perpetuated the problem. The organization deserves all the ridicule and disgust they're getting for that.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
This next song is very sad. Please clap along. -- Robin Zander
i am green with the procmail recipes, but from what i understand from looking yesterday, procmail can't look at mime attachments? how come?
there's really no good way to filter this in the body or headers, due to the randomness, correct?
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me.
No, no questions - lol.
It had a nice executable with the worm attached, too. :)
I got tired of dealing with my users' virus problems a long time ago. So I wrote batemail. It's a Perl script that you slip between your MTA (e.g. Sendmail) and your local mailer (e.g. Procmail) that filters out ALL executable attachments.
I've been using it in my production environment for over a year now and it works like a charm. And it's open source, too!
Lets say some engineer at GM thinks "Hey I want to make changing the oil in the car as easy as possible so I'm going to put a button on the dash that opens the valve and dump the oil in a nice neat container".
Neat idea...except when you are driving down the highway at 80 MPH and someone hits the "OIL" button and dump your oil out of the engine.
What is boggling is that Microsoft designs in features just like the "Oil" button and then tries to play blameless. "Well obviously you aren't supposed to script e-mail that way". That is interesting logic but that doesn't fly for real world engineering. "Intended use" and "capabilities" where one is clearly more important than the other. Microsoft can not place "Oil" buttons in their software and think they will only be used as intended.
The core problem is that Microsoft continues to write applications, and worse, data formats that break a cardinal rule: programs run data not the other way around.
Another thought to think of: Read the license on the software. Almost any software makes a "No Warranty" claim on their stuff. If installing the software and using it corrupts data, causes natural disasters, makes your machine blow up, you can not blame nor are MS, Linus, etc. liable for fixing it, replacing it, etc. You use the software and you are on your own. This falls squarely under that.
Of course this absolves MS of blame but then again, why again do PHB think that MS software is great?
I'm questioning whether Microsoft fixed this bug at all. I really am.
Okay, I'm familiar with the bug which Klez and others supposedly exploit, and its fix (supposedly IE 5.5 SP1 or greater) but the fix does not seem to do a darned thing. I've installed every service pack for IE under the sun, and still no good.
On computers that I've installed IE 5.5 SP2 on plus all the other recommended patches, they still have the vulnerability. I've seen users with 5.5sp2 just click on (not open) an email and it automagically loads the virus du jour. Fortunately, McAfee stops it before doing any damage, but it still irks me.
I've installed all the fixes suggested by hfnetchk and/or "WindowsUpdate"... and I'm at a loss. This vulnerability seems to be pretty ubiquitous across all of our NT4 and Win2k machines, which all have IE5.5sp2. Is there anyone else out there that is having similar problems?
Ceci n'est pas une pipe.
> I'm afraid that the original poster is correct, the only place you'll find an adult site's reputation being seen as good is at their colocation (bling bling) and a pedophile convention.
Why would pedophiles care about an adult site?
Virg
Having said that, I know the problem is common for others. I have worked as an admin/infosec type for a large US Government agency installation and seen email virii (yes, I know it's "viruses", but that word is so... ungainly) cause a lot of trouble. And I have seen the same issues hit a major tech company I worked for too. Sure, these organizations are able to control the damage. But there is an initial reaction period that is uncomfortable and a long period where the infected traffic continues to hit the organization (albeit ineffectively).
But this traffic does not just hit large organizations. I have a small business client who seems to be a magnet for MS email virii and trojans. I suspect it has to do with his clientele who in turn tend to be less computer literate and therefore excellent virus vectors with his email addresses / site URLs waiting in their mail boxes and web cache.
Why not? email is a great way to distribute all sorts of binary files; send it off and forget it. No waiting for slow HTTP downloads.
No, just a slow POP3 download.
And why should I have to manually compress files before sending? Computers are supposed to make my life easier.
No they are not. They are supposed to support the stock price. Silly boy. Go sit in the corner!
Just think - if computers actually DID make your life easier, you'd never want or need to buy another one. That kind of short-sighted business model may have flown in early 2000, but this is 2002. The bubble has burst, it's time for real business.
Edith Keeler Must Die
Are you sure you don't mean "persecuted"? Still, the parent post was a joke, and jokes often lampoon groups of people for humor. Whether it was tacky or not really depends on the listener.
Also, where did "science-worshipping" come in? How are you to know that the post wasn't written by a Catholic, or even a priest with a wry sense of humor?
Because you toss around baseless accusations while decrying baseless accusations in others, you shouldn't be modded as a troll. The problem is that "-1, Hypocrite" is not available, and so that's the best choice in the list.
Virg
We did not get infected, did not see the virus within our system. Yet how many man hours did we waste fighting this virus?
Couple man hours ensuring virus sigs up to date on all servers, distributed to all desktops.
Couple hours researching the virus. A few hours checking out the sandbox to see what the virus is doing. An hour writing a report and sending a summary to users. Several hours answering users questions.
Then the virus starts spreading. Yes, we know the virus forges the sender's address, but every bounceback and claim of viruses originating from here were checked (due diligence). Dozens of man hours spent scanning machines we knew were clean. Spent checking email logs to ensure the original message never actually passed through our email server.
More hours spent answering calls about users who are now getting bombarded with the virus emails, who don't yet understand that "virus stripped" means it's clean and can simply be deleted.
How many man hours is that? Close to 100 hours by my estimate; $5000 wasted on this... and we weren't even infected. No system downtime. No lost files. No (major) interruption of resources to users. Just me and four other techs taking time out of our regular schedules to fight this.
I don't have any idea how much it would cost, in terms of man hours alone, if we were to get infected. I'd hate to find out.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
It has nothing to do with anti-religious slander. It has to do with poking fun at a current news topic.
If the media for the last few weeks had been full of articles about black people molesting fried chickens, then your post would have been modded up to funny too.
Besides, it's not ignorance, slander or hatred. It's humor. Just because your sense of humor doesn't include the post you are flaming doesn't make it not funny. It just makes it not funny to you.
The one thing no one ever seems to realize is that things external to yourself don't have the ability to directly affect your emotions. Only after being processed by your brain/soul, whatever you choose to believe in, do these things have the ability to affect your emotions.
So, just because this post angers you and you don't find it funny doesn't mean that the post is angering or that the post is not funny. The post has no such properties. It is just words. What it means is that the post angered you and that you don't find it to be funny. This may not be true for all people, or even for most people.
So, you are a bit premature in your flame of what I thought to be a simple, but effective, joke.
"But that's just my opinion. I could be wrong."
Justin
...all I get is a little 2KB-3KB email. No attachment, no virus.
Attempting to view the email just gives me "This message contains script, which Outlook cannot render" and a blank message window.
Oh, BTW, I'm using Outlook 2002 configured to view all HTML emails as if they were in the "Restricted Sites" zone, so I'm not sure how that would affect things.
And I know for a fact that I'm not infected (have run NAV Corporate numerous times, and have checked for the 'Klez' registry keys and filenames and found nothing).
I'm rather curious why I seem to be getting nothing but duds. Could Outlook possibly be protecting me from Klez?
* Q
P.S. If you don't get this note, let me know and I'll write you another.
All in all it works pretty good, we don't have Klez, we get a ton of it but it is all filtered at the server. Personally I think that someone who ends up sending everyone in their contact list is going to suffer a bit of a hit to their professional reputation. Over the past week or so several people in the company have been getting "you sent me a virus" messages. No we didn't! I've been over the whole company with a fine toothed comb, we don't have this thing.
The fake email headers are really this virus' claim to fame. What a freaking disaster.
The problem with bad priests is the same as the problem with bad cops: it's very unlikely that one can be abusive without others being aware of it. So perhaps it's only a small percentage of priests who molest children. But the fact that many more knew about it, and kept silent, even when these molesters were put back in the charge of children, is equally damning.
Also, tell me, where are your statistics for "hundreds" of priests being "wrongfully prosecuted?" I read of people flocking to churches to support those priests who have not been accused. And being the butt of jokes is a small price to pay, and the cost of doing business, when you sign up for an organization as powerful, arrogant, and insular as the Church.
"Hardly used" will not fetch you a better price for your brain.
I've obsessively watched my parents' email accounts ever since my dad asked me why Teenage Girls Want To Show Him What They Do In Locker Rooms.
In the past 2 years, I think I've gone through about 30 email accounts for them. Without exception, they receive little to no spam, even if the account is frequently used (so random address generator bots aren't THAT good yet). However, in every instance that they give an address to 2 or 3 specific friends of theirs, within a week their inbox is full of crap. These particular friends are notorious for mass Fwd:'s.
I've concluded that somehow one of these idiotic spammers has either written an address gathering virus, or is somehow picking up on mass recipient lists. Anyone else see this sort of pattern?
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Does anyone have a sendmail configuration to reject Klez?
--
http://www.aikiweb.com - AikiWeb Aikido Information
Oh, well, then if IT departments working to clean up the mess left by viruses can be counted as a dollar cost, I'd like to see a comparative study done of the dollar cost due to unprovoked Windows crashes.
It is also probably worth pointing out that these viruses wouldn't be nearly as plentiful had it not been for the 25-years-and-counting history of bloody-minded engineering incompetence freely practiced up in Redmond.
Schwab
Editor, A1-AAA AmeriCaptions
I got sick of all the spam, all the chain letters and all of the viruses. So I decided to run my own small mail server. I changed my email address and only gave it to people that would not open foolish attachments, and would not forward crap on to me.
:-)
Running linux the viruses aren't a problem, but downloading and then wading through hundreds of emails sucked.
I then use procmail along with SpamAssassin. Now when I check my email there is usually one or two messages, and they are relevant.
Even the mailing lists I'm subscribed to get put in a separate folder.
I can't complain at all anymore.
What about those less than brilliant friends that are still affected? Well I leave icq and aim running so they can just leave me a message that way.
Hey if my mother can avoid getting infected with these stupid viruses so can you!
I keep hearing about these "email viruses", how do I enable support for that in Evolution? Or do I have to wait for the next version? I hate missing out on all the cool features.
sic transit gloria mundi
Maybe I should just tweak Klez a bit so it removes me from anyone's address book. Yeah, that's it! Anyone else wanna add their addr to the cleaning list?
I am the network administrator for the Absentee Shawnee Tribe of Oklahoma, recently we were assaulted by no less than 5 variants of the klez worm. Klez.C,E,F,G, and H... WATCH OUT FOR Klez.H!!! It is stinking creepy smart! Not only does it play the normal irritating klez crack games with your email system, it also knows how to delete your antivirus software (I've observed it doing this to Norton, McAfee, and InoculateIT), but worst of all, given time it actually knows how to write into motherboard and video card bios space on reboot with win9x! (it does this even if the stupid "boot virus protection" is enabled in the bios and bios flashability is TURNED OFF!) This is NOT a joke or a prank, this thing is freaking dangerous. I've already sent emails to Computer Associates, Norton, and McAfee... be careful people, be bloody careful
-----------------------------------------
Remove the Greed which plagues mankind.
in main.cf:
body_checks = regexp:/etc/postfix/body_checks
in body_checks:
/^begin(-base64)? [0-9]+.*(\.|=2E)exe(\?=)?(\.)?/ REJECT
/^[^]*(body|filename|name=).*(\.|=2E)exe(\?=)?(\.)?/ REJECT
You have to do the same two lines for bat, pif and scr (put them where the above two lines say exe). I could not paste them all due to the lameness filter telling me to use less junk characters.
What were the skies like when you were young?
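The filter from the comment above, as an added example that is not part of the original post: a Python sketch that expands the two quoted patterns to exe, bat, pif and scr and runs them over constructed sample lines. The function names and sample lines are assumptions made for illustration, and because the second pattern's leading character class is damaged on the page, only its recoverable part is used.

```python
import re

# Extensions named in the comment: exe, then "the same two lines" for bat, pif, scr.
EXTENSIONS = ("exe", "bat", "pif", "scr")


def build_rules(extensions=EXTENSIONS):
    """Return (label, compiled_pattern) pairs, two per extension."""
    rules = []
    for ext in extensions:
        # Rule 1: the comment's uuencode / base64 "begin" line, extension substituted.
        begin = r"^begin(-base64)? [0-9]+.*(\.|=2E)" + ext + r"(\?=)?(\.)?"
        # Rule 2: the attachment-name rule. ASSUMPTION: the pattern's leading
        # character class is damaged on the page, so only the part from
        # (body|filename|name=) onward is used here.
        name = r"(body|filename|name=).*(\.|=2E)" + ext + r"(\?=)?(\.)?"
        # Postfix regexp tables match case-insensitively by default.
        rules.append(("begin/" + ext, re.compile(begin, re.IGNORECASE)))
        rules.append(("name/" + ext, re.compile(name, re.IGNORECASE)))
    return rules


def check_line(line, rules):
    """Return the label of the first matching rule, or None if the line passes."""
    for label, pattern in rules:
        if pattern.search(line):
            return label
    return None


def filter_message(lines, rules):
    """Apply the rules line by line; stop at the first hit, as a REJECT would."""
    for number, line in enumerate(lines, start=1):
        label = check_line(line, rules)
        if label is not None:
            return ("REJECT", label, number)
    return ("OK", None, None)


# Constructed sample lines (not captured traffic), each with the expected rule.
SAMPLES = [
    ('Content-Disposition: attachment; filename="setup.exe"', "name/exe"),
    ("Content-Type: application/octet-stream; name=border.PIF", "name/pif"),
    # RFC 2047 encoded word: the dot arrives as =2E and the name ends in ?=
    ('Content-Type: application/octet-stream; name="=?iso-8859-1?Q?song=2Escr?="',
     "name/scr"),
    ("begin 644 install.bat", "begin/bat"),
    ("begin-base64 644 game.exe", "begin/exe"),
    ('Content-Disposition: attachment; filename="minutes.txt"', None),
    ("Please begin the review of chapter 3.", None),
    # False positive: nothing anchors the end of the extension, so ".exercises"
    # is rejected like ".exe".
    ('Content-Disposition: attachment; filename="spring.exercises.txt"', "name/exe"),
]

# Constructed message: the attachment header on line 10 triggers the reject.
CONSTRUCTED_MESSAGE = [
    "Subject: quarterly numbers",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "Numbers attached.",
    "--b1",
    'Content-Type: application/octet-stream; name="numbers.scr"',
    "Content-Transfer-Encoding: base64",
]

if __name__ == "__main__":
    rules = build_rules()
    for line, _expected in SAMPLES:
        print("%-10s %s" % (check_line(line, rules) or "pass", line))
    print(filter_message(CONSTRUCTED_MESSAGE, rules))
```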
So much for HotMail's server-side scanning (it uses McAfee AFAIK). I've seen it block attachments with viruses before, but I guess it's not 100% effective (after all, it is a MS product!).
"It's better to keep your mouth shut and be thought a fool than to open it and remove all doubt."
Well, science terminated WWII.
An educated guess is that the shortest conflicts were those where one of the participants had access to (or developed) a superior weapon (sticks, fire, bows, catapults, atomic bombs etc). The antithesis would be WWI where the technical level was equal.
No, *the* most interesting question is: How many wars has science prevented? How many has religion?
I finally managed to escape the hell that is a Microsoft Outlook-only office environment ("Eudora? But it doesn't have that calendar thing...!") by quitting. Between the vulnerable software and the uneducatable(?) users, it just wasn't worth the effort.
Then one day I received the following call from the new IT manager:
Me: "Hello?"
Him: "Hey, it's W****n, can you come in here today? Our server is doing weird shit and everybody has that new virus thing."
Me: "Well, so, fix it!"
Him: "I can't figure out the server config, and you have the antivirus software!"
Me: "Christ, I took you through the server setup for almost a month! I printed out the specs and shit! They're in a folder on top of the f**king thing! And what happened to the NAV Corp Ed subscription?"
Him: "Uh, I can't find it. We thought you must have...taken...it...hello, what's this? Hey, it's from my ex-wife! I wonder what she's sent me..."
Then he opened it.
True story.
I run OS X, Win98Se, FreeBSD & Solaris 8.
I don't use Outlook or Outlook Express.
All the machines are configured to receive mail.
I haven't seen one Klez yet.
I think I might be a total loser. How on Earth is it possible that I haven't ended up on at least one stupid person's email address list? How can it be?
Have I no friends?
I am so ashamed....
This
I have written instructions on setting up Postfix to work with Sophos Mailmonitor. I like this solution because the API between MailMonitor and Postfix is pure, regular SMTP, not some vendor unsupported addon. I can telnet to the port the Mailmonitor SMTP server runs on and troubleshoot, knowing that any errors in this part of the operation are the responsibility of Sophos, or alternatively that if the SMTP server on this port is fine, my postfix config is at fault.
They fixed the hole a year ago. This problem isn't happening because of Microsoft, it's happening because of people that don't patch their systems.
Good call... The guy you're replying to actually had the temerity to defend the Catholic Church instead of knowing that, of course, any freethinking person could safely assume the opposite without having to think about it.
It's also commendable that you were able to come to the correct answer so quickly, and with so little reflection.
The speed of your openmindedness is remarkable.
Come on, give it up, that's
You know that atheism is a religion, right?
THERE IS NO DATA. THERE IS O
Well if the wars were not started to begin with, how many would that leave?
THERE IS NO DATA. THERE IS O
I'd like to see the raw numbers on that one. Are you counting them one-by-one, or what?
WWI , WWII , American Civil War, Vietnam, Korea, Gulf War, Hundred Years War, on and on. As a matter of fact, it's kind of hard for me to think of any recent major wars which were caused by religion. You're so wrong it's hard to describe it in words.
And if you count by number of deaths, then the figure is more like 5%. But thanks for playing.
Come on, give it up, that's
Since Catholics believe that Adam and Eve are our ancestors, that means original sin is guilt by heritage.
P.S. don't let the Church hear you speak out against their dogma. You saw what they did to Galileo...
A man who wants nothing is invincible
No, the lesson is, 'ditch Outlook and IE and Windows for that matter, and run something that has the decency to treat mail and news as freaking text' O_O
Despite its superiority for most applications (including spamfighting), IMAP is still losing to POP and will continue to do so for some time. Why? Because ISPs (and other mailbox providers) don't like providing diskspace for their users' mailboxes. A huge mailspool is bad enough, but the default behavior of most POP clients is to move a user's incoming messages from her inbox to her PC -- removing the burden from the provider.
It's a perfect case of service-provider myopia, too: if the technology were better applied, IMAP clients might be able to delete viral attachments (or IMAP servers might strip them out) before they're even downloaded, cutting down on virus retransmission, and eventually reducing the overall storage requirement of those users.
As with everything else, the best solutions to the spam problem will only be available to those savvy few (hey, that's you!). Unfortunately, just like with a communicable disease, you can't just cure a few people -- you have to cure the whole population.
Honestly if someone ELSE has a virus and is sending out your email address what is MS going to do over the phone with you that is going to stop it??
MS tech support did not write OE, the OE patch for this has been out over a year and making sure YOU don't get and send the virus is about the only thing they can do for you.
Don't want a virus? use kmail (*nix) or pocomail (win*).
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
It's really not that hard to use outlook and not be affected by viri.. just some people are stupid..
Of course the best way to stop this trash, especially if you are on a modem, is to only grab the headers and delete the stuff you obviously don't want.
Mailwasher is the best I've found for doing this. Not only will it delete from the server, but if it's a notorious spammer then you can tick the bounce box and it will reply with a user unknown error, hopefully meaning you'll never be hassled by those morons ever again.
Pretty effective, and made my life a whole lot easier. And best of all, from their page... "It's free. That's right, you can keep on using this program and it won't expire. You are offered the chance to register MailWasher and pay a price you think it is worth. Think of this payment as a tip - so please contribute something."
Enjoy peoples, and go easy on their server (if I had a decent connection myself, I'd post a mirror, but alas)
Glenn
The Smrt way to trade CFDs on the ASX
Cable 'modems' and DSL 'modems' are actually bridges. I guess DSL still acts as a modem, but anyway...
Sure they fixed everything after their viruses reached the tv news.
But seriously if you are the largest software company in the world you should have known that having your email client automatically execute anything it receives is not a good idea.
I finally printed my address book out on paper. I put the address on it as a barcode. Now I e-mail people and put in addresses in via the free scanner provided by Radio Shack. Now if everyone would delete their electronic address books, much of the MS spread security problems would go away.
Not many people would drop the convenience so I don't see this as working. Too many users just can't be bothered to keep up on security and are way too willing to run an attachment sent to them that is supposed to keep them from getting a virus. It's OK to send me a virus warning. Don't send me an attachment to fix it. I'll check the usual trusted sources for the description and measures to fix it. Too many viruses are spread via social engineering.
The truth shall set you free!
That's what is so bad about these little episodes. SMTP has existed since the early 70's, yet e-mail-borne viruses that take advantage of the SMTP header spoofing have only existed a few years.
This isn't only a windows problem. It's relatively easy to write a shell script to set an arbitrary from: line in an email. Heck, you can edit your user-domain= in your ~/.pinerc and send mail "from anywhere". Nevertheless, the fact remains that a great majority of spam comes from sysadmins who don't know how to configure their
Please, check your
sig?
No, the plural of virus is Microsoft.
It's your choice to remain a part of the Catholic church.
The inquisition still exists. I forget its new name, though.
--
E_NOSIG
Twenty nine minutes, according to the timestamps. That's quite a lot of reflection for around here. Add in the twenty five years or so in which I have observed organised religion, inside and out, and you get quite a well-considered opinion.
--
E_NOSIG
I'm a sysadmin at an ISP, and we have been filtering Klez inbound and outbound for 13 days, and the load basically hasn't tapered off at all. Since we started the Klez filter (thank you, Exim!) the number of bounces in our postmaster box doubled and shows no real signs of slowing up.
That is a lot of bounces because we also filter on SirCam (still see some of those everyday), use several RBLs, and have extensive local spam filters and reject lists, as well as optional spam filters for Korean-encoded and Chinese-encoded mail (just rolled them out and over 800 customers have started using them already).
The cost of this is a lot of wasted bandwidth consumed by spam, worms, and viruses, in hardware (we run 4 MXes where two would otherwise suffice, because of the filtering load), and the countless hours we spend each week on defending our mail system and our customers from all this crap.
Besides the usual suspects (MS for their security holes, users for their laxness on applying updates, and the virus writers themselves), I also have to blame a lot of administrators for this. Mail admins, listen up! You KNOW Klez is out there and you KNOW it's going through your systems. You probably have a ton of captive specimens of it. Start filtering it inbound and outbound. You're not only helping other admins to control this problem, you're helping yourself.
And let's all be thankful that virus writers and spamware writers come from two camps that aren't likely to like each other, because if they got together and wrote a worm that silently propagated itself and turned Windows boxes into selectively open relays for use by the spammer/authors, that would be a real problem. The scary part is that it wouldn't be all that hard. The worms already have their own SMTP engines these days. The leap is small. Let's hope they don't make it, but let's think about how we're going to control it when they do.
Line of defense number 1: ISPs - if you don't already block port 25 in/out from your dial pools (requiring your dial users to smarthost through your outbound SMTP or send through it directly), start NOW. The ass you save will be your own. If we all do this (my employer has done this for years) we will cut off spam.
And you don't remember any religious persecution going on during World War II? None? I dare say, without his anti-Semitic rhetoric, Hitler might never have come to power. And the Japanese believed in the divinity of their emperor, too--the word "kamikaze" means "divine wind."
At least part of the Arab-Israeli conflict is religious in nature. You just don't see a lot of atheist suicide bombers. A lot of "ethnic cleansing" is done along religious lines as well.
The expansion of European nations into the Americas was often justified under the aegis of "divine right."
That's not to mention the religious rhetoric that's used to get men to go to war. Ever hear the song "Onward Christian Soldiers?"
So the original poster might be a little bold about his statistics...but don't fool yourself into thinking religions have their hands clean, even today.
"Hardly used" will not fetch you a better price for your brain.
I wonder how many responses to Klez emails bounce back with an "address unknown" error?
religion is the cause of 90% of all wars.
I think what you mean to say is "Religion is used as a pretext to start 90% of all wars." It's really about selfish ambition. The Crusades were about land and loot, not christianity, and Osama uses islam to further his call. Kind of the same way some humanists use science to bring down hate upon people who are religious. The core texts of every major religion preach peace. People, however, suck.
Put identity in the browser.
Switching to another system (linux, for instance) will just change the set of bugs that virus writers attempt to exploit.
But it would make things a LOT better, for two reasons:
The existing set of Microsoft-only viruses (virtually all of 'em) would die off.
The other system (unix, linux, etc.) has, not just a different set of vulnerabilities, but a MUCH SMALLER set.
What is needed is variety. If there were more variety in the software and OSen people used, we could avoid such widescale abuses.
Unfortunately, that's not enough by itself. Yes a variety of systems makes it harder to write a virus to attack them all, so some will survive unscathed. But an infected computer can cause a lot of trouble even for other computers that AREN'T subject to the infection. (For instance: By flooding it with infection attempts or by ganging up with other infected machines to DOS-attack it.)
So it only takes ONE widely-deployed OS with a vulnerability to make trouble for the rest of the Net. Thus more variety means more pools of machines able to be converted into troublemakers.
The solution is a few, secure, operating systems.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
This is not a troll but... Maybe said IT departments should GET A FUCKING GRIP ON REALITY!
ALL you need to do is block .vbs, .exe, .scr, .com from entering your exchange (sendmail, postfix, whatever) and 100% of these problem disappear.
I don't get viruses (knock on wood) since I read in pine but I got something from the National Funeral Association and weird content that didn't look like an obvious virus at first. I guess I was the first of many to ask their sysadmin what was up..
I noticed you did not explain what the hell you are talking about. If you knew you would have let the rest of us in on it raising the level of discussion, but you chose not to...
Besides, I am an atheist. Why should I care about the who, what, where and when of deluded people quibbling over an imaginary "God"? Life is too short to spend it splitting hairs with pointed-headed fools who would rather engage in personal attacks than in an honest exchange of information. I'd rather spend the time doing something productive.
And F.Y.I., I will comment on what I damn well want to comment on when I damn well want to comment on it. Jesus, give someone a shiny new Slashdot login and they think they are in charge of the joint!
A man who wants nothing is invincible
Simple rule: No Outlook, no Virii
Woopty Doo Basil, what does it all mean?!
The only way we could have been invulnerable to this sort of mishap is by using linux;
/novell might be set up in a way executables don't get modified. (Until an admin gets infected)
...if you did not get it yet 8-)
Because:
-There are very few linux enabled viruses.
-Wine does not support enough win32 to let most viruses work. (and wine still must be run as root)
-ACL's could have controlled the spreading of the viri.
not:
-Any platform can get infected. No platform is protected against users executing anything they get sent. If linux gets popular it will get viruses AND anti virus software.
-Linux might execute some win32 code.
-NT
AND
-The best way to protect against viruses is to reinstall your machine from scratch every now and then. (Real programmers don't need viruses to format their hard disk.)
AND
-The best way to protect against a DOS attack is shut down your system. Ask the pointy haired manager about this.
(did i just get trolled?)
They make me feel wanted. Never before have I had so many people send me files in order to have my advice.
Peter
... and I wouldn't have any problem with the many priests, nuns, missionaries doing "good" every day of their lives if they didn't brainwash people into believing that there is some higher power that has control of their lives and the things that happen to them.
THERE IS NO DATA. THERE IS O
Ah you are right. I confused the definition of "religion", with the definitions of "faith", and "belief".
I think I am getting confused by your argument. Let me get this straight. Because these horrible people who were atheists... committed horrible acts against people with a religion... How does that mean the war was caused by science? How is it that religion can not be considered a cause when according to you it is the main difference between the agressor and the victim?
THERE IS NO DATA. THERE IS O
Of course... your past experiences, objective as they were, give you enough data to dispense with the necessity of reflection in this case. Why consider things on a case-by-case basis, since you already know all there is to know about the subject?
Again, your ability to analyze this problem in such a straightforward manner, without extraneous details such as the facts, is commendable.
Come on, give it up, that's
What problem? What analysis? There was an accusation of hatred and ignorance. I merely pointed out all the pretty stained glass in the house of the person throwing the rock.
--
E_NOSIG
Wow Tom7, you really told me. On Slashdot even. What ever will I do about my reputation now? You've ruined it. Boo hoo hoo.
Feel better?
Edith Keeler Must Die
I don't worry about moderation anymore. I post to /. not for karma, but because I wish to join in discussions. Like anything else, someone somewhere is going to misinterpret or just plain disagree with an idea.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
A man who wants nothing is invincible