| Submit your comments on this article |
| The virus trading club... |
| 2002-07-14 |
| I got an email today from Indepundit, with whom I've never corresponded, with the "KLez Worm Immunity" (Just run it and you'll never get KLez! Trust us!) attachment. During the week, I get a couple emails with no messages, no attachments — they'd been firewalled off — and an email from a fellow I've never heard of asking about one that came in "my" name to him. Mike, at Cold Fury, has a similar story. Somebody's infected, and because so many of us correspond on a regular or irregular basis, bloggers' and readers' emails back and forth are not only more trusted than the usual run of Viagra offers, mortgage preapprovals, breast enhancements, or videos of people having sex with chickens, but also more welcome. So be careful. If I email you, there won't be an attachment unless you ask for one — to date, two entire people have done so. And I won't send you a KLez "immunity" program to run. |
| Posted by:Fred Pruitt |
| #3 The Klez virus has been very successful, even more so than its Melissa-type predecessors, at automating social engineering. Sophos indicates that for June it was 67% of all virus reports -- and some envelope math indicates that 80% of its mail comes from the relatively rare broadband users becuase they're on 24/7. Because it's silent the infected person has no idea it's sitting there working away. It's no longer safe to just "be careful". You have to buy the $50 program AND you have to buy the $15 annual subscription. A boon for the anti-virus industry, for sure. |
| Posted by: Dan Hartung 2002-07-15 01:09:42 |
| #2 Klez is particularly insidious that way; I've gotten any number of emails from various people telling me that I sent them the virus, even though my system is clean (in fact, I did a full system scan with NAV 2002 just yesterday and came up empty-handed). The thing is, Klez appears to search out _any_ email addresses that are in your client's address book, whether you're sending, receiving or CC'ing mail, and sends itself out under those names. For my own part, I use a utility called Mailwasher to delete any suspicious mail on the server _before_ it's downloaded to my own machine (it's also very handy for getting rid of spam - it'll send "bounce" messages back to the spammer telling them your address is no good), and have NAV's email auto-protection enabled. As a result, I think it's been weeks since any copy of Klez even made it into the quarantine directory, let alone was downloaded. (Not to mention that Klez is recognizable from the titles it uses over and over again for its infected emails, and also because the attachments are always a certain size, around 120 - 130K. |
| Posted by: Joe 2002-07-14 17:11:16 |
| #1 I've been getting a lot of this stuff for quite a while. I've had no problems because I run up-to-date strong virus protection behind an excellent firewall of my own. I have no idea what sort of firewall my ISP runs, although it does seem to be catching some stuff. One more reason it's a good idea for people to take responsibility for their own protection. Nobody else is going to do it for you - not effectively, at least. |
| Posted by: Bill Quick 2002-07-14 16:01:17 |