Klez, The Virus that Keeps on Giving
kylus writes "Wired is running a story about the continued escapades of the Klez virus, and the damage--both to finances and reputations--that it is leaving behind. Between emails from a dead friend and porno spam appearing to be sent from a priest, I think "Don't Believe the 'From' Line" is the correct lesson."
God bless Microsoft email viruses. I'm on a modem for a few weeks and downloading
countless megs of mail viruses is extremely frustrating. Course I'm still
getting sircams.
Virus writers and spammers (Score:4, Funny)
Re:Virus writers and spammers (Score:2)
Re:Virus writers and spammers (Score:2)
Re:Virus writers and spammers (Score:2, Funny)
Scripts (Score:3, Insightful)
Re:Scripts (Score:4, Insightful)
Re:Scripts (Score:3, Informative)
This can easily be done with a call to a remote image generating script, which passes a unique id as an argument.
Re:Scripts (Score:3, Insightful)
Microsoft hasn't gotten rid of scripting in Outlook because it's required for nasty email viruses like Klez to spread, which in turn allows microsoft to step in and "save the day", which leads to news headlines like "Microsoft releases latest Outlook security patch [cnn.com]", "Microsoft patch to block "Love"-like viruses [com.com]", and, my favorite, "Microsoft to secure e-mail [cnn.com]".
To the average schmoe who doesn't realize these viruses are only possible because of microsoft's stupidity, it would appear that microsoft is valiantly fighting the inevitable battle against nasty virus-writing hackers.
</conspiracy theory>
Or maybe they're really just so stupid that they think scripting in emails is such a great feature it's worth putting up with all this bullshit. If you ask me, HTML email isn't even needed. Plain ol' text usually works fine for me; most of the HTML emails I get are spam and the few that aren't usually have a text/plain version as well.
Notice that the last article I linked to sounds like a pretty solid fix: Users will be supposedly prompted before any emailed scripts do anything, and given a yes/no dialog to stop them from doing anything bad. Seems like a good idea. Unfortunately, that article is dated June 2000, so clearly it didn't work out... Anyone know what the deal with that is?
Re:Scripts (Score:3, Informative)
Worse than porn spam from a priest... (Score:4, Insightful)
People are going to believe a priest when it's explained that it was a virus; nobody is going to believe a legit company that's operating in an industry where so much spam originates.
Argh.
-b
Re:Worse than porn spam from a priest... (Score:3, Insightful)
Re:Worse than porn spam from a priest... (Score:3, Funny)
Re:that is what (Score:5, Interesting)
Unfortunately Microsoft can't take ALL the blame for the problems of Klez... The SMTP itself is inherently insecure to begin with and anyone can send mail that looks like it is from anyone else. Of course you can deduce that the mail is probably not from the source it says it is by tracing the SMTP headers back, but that's esoteric geek knowledge that not many people have relative to the total number of people who use email.
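Tracing the headers back, as the comment above describes, comes down to reading the Received lines from the top and trusting only the ones your own mail servers added. The following is an added example, not part of the thread; the sample message, host names, addresses and the set of trusted servers are all constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the From line names example.org, but the host that
# actually connected to our MX was a dial-up address. The bottom Received
# line was supplied by the sender and proves nothing.
SAMPLE = """\
Return-Path: <priest@example.org>
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mailstore.example.net with ESMTP id A1; Mon, 6 May 2002 10:00:03 -0400
Received: from parish.example.org (dialup-17.isp.example [198.51.100.17])
    by mx.example.net with SMTP id B2; Mon, 6 May 2002 10:00:01 -0400
Received: from parish.example.org (parish.example.org [203.0.113.5])
    by relay.example.org; Mon, 6 May 2002 09:59:00 -0400
From: "Father Smith" <priest@example.org>
To: you@example.net
Subject: constructed sample

body
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>[^\s;]+)",
    re.IGNORECASE,
)


def parse_hop(value):
    """Return the fields of one Received header, or None if it is unparseable."""
    match = HOP_RE.search(value)
    return match.groupdict() if match else None


def trace_origin(raw, trusted_hosts):
    """Find the last hop recorded by a server we control.

    Received headers are prepended, so the newest is first. We walk down
    while the recording host ("by") is one of ours; the last such header
    holds the only sender information that was not supplied by the sender.
    """
    msg = message_from_string(raw)
    hops = [parse_hop(h) for h in msg.get_all("Received", [])]
    boundary, index = None, -1
    for i, hop in enumerate(hops):
        if hop is None or hop["by"].lower() not in trusted_hosts:
            break
        boundary, index = hop, i
    if boundary is None:
        return None  # no header from a trusted server: nothing can be verified
    helo = boundary["helo"].lower()
    rdns = (boundary["rdns"] or "").lower()
    return {
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "peer_ip": boundary["ip"],
        "peer_rdns": rdns,
        "peer_helo": helo,
        "helo_matches_rdns": helo == rdns,
        "unverified_hops": len(hops) - index - 1,
    }


if __name__ == "__main__":
    print(trace_origin(SAMPLE, {"mailstore.example.net", "mx.example.net"}))
```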
Re:that is what (Score:3, Interesting)
But only Microsoft provides a hands off and automagic way for somebody to take advantage of the insecurities in SMTP with little trouble.
That's what is so bad about these little episodes. SMTP has existed since the early 70's, yet e-mail borne viruses that take advantage of the SMTP header spoofing have only existed a few years.
Hmm.....
Virus resistant address book (Score:3, Interesting)
Not many people would drop the convenience so I don't see this as working. Too many users just can't be bothered to keep up on security and are way too willing to run an attachment sent to them that is supposed to keep them from getting a virus. It's OK to send me a virus warning. Don't send me an attachment to fix it. I'll check the usual trusted sources for the description and measures to fix it. Too many viruses are spread via social engineering.
So? (Score:2, Funny)
Use of an obscure OS is not really a legitimate excuse.
obscure?? (Score:3, Insightful)
Many ATMs and cash registers run OS/2, but you don't hear about it because there is no problem.
Re:that is what (Score:5, Funny)
Yes. Remember, when you have unsafe email with
someone, you're having email with all the
other people that person's had unsafe email with...
or something like that.
Re:that is what (Score:5, Funny)
Umm... (Score:4, Funny)
Why would pedophiles care about an adult site?
Virg
f-prot and perl solved my problems (Score:5, Interesting)
Try qmail-scanner (Score:4, Informative)
Works wonders
Re:f-prot and perl solved my problems (Score:2, Interesting)
Re:f-prot and perl solved my problems (Score:2)
Use Opera, it doesn't work with Hotmail's download script.
What a pleasant side-effect. I removed IE [98lite.net] to stop Viruses from auto-executing, and also happened to stop another potential source of viruses. :) And of course, desktop scanners are a must.
Re:f-prot and perl solved my problems (Score:2, Interesting)
Re:f-prot and perl solved my problems (Score:2)
Re:f-prot and perl solved my problems (Score:4, Insightful)
This is the whole problem with anti-virus software. Your best defense is your brain, not relying on someone else to write a defense program for you.
I have a novice friend who recently asked me about viruses. He runs Win98, IE5, OE5. I helped him with security settings and explained the significance of file extensions to him. Even my beginner buddy easily understood that having a secondary extension on an e-mail attachment is a red flag to not open that attachment. That knowledge, along with some logical security settings, (scripting host 'off', please), is your best defense against these viruses. My brother-in-law OTOH, opened a virus recently and is waiting for me to come over and clean it off for him. It's an 80-mile drive so I think I'll let him stew for a couple days. Hopefully, he's learned his lesson.
Sidebar - One of the biggest complaints I have about the default Windows install is that it hides extensions of known file types. Who was the genius at Microsoft that made that decision?
MIMEDefang (Score:2, Interesting)
stopped Klez cold at my clients' sites.
f-prot and perl CAN'T SOLVE THE REAL PROBLEM (Score:3, Informative)
Re:f-prot and perl solved my problems (Score:2)
Re:f-prot and perl solved my problems (Score:2, Informative)
had these people opened the mail at all, the virus is executed.
of course, had they kept their version of windows/ie current, it wouldn't be a problem
Save your bandwidth (Score:5, Informative)
user (username)
pass (password)
list
top (number of message to check) (kb to read)
dele (message to delete)
retr (number of message to read entirely)
quit
Quicker, cheaper, easier. This was one of the best tips I got from a friendly sysadmin.
Of course, I would ask why CmdrTaco didn't check the RFC [faqs.org], but hey, who am I to question slashdot's leader?
Re:Save your bandwidth (Score:5, Funny)
Because it doesn't work if you spell all the commands wrong.
Re:Save your bandwidth (Score:4, Informative)
Re:Save your bandwidth (Score:3, Informative)
I totally agree, it's how I check my email from friends' machines when said friend does not want me to mess up with his POP account setup.
However, it is time consuming to view each message this way.
Small remark: the TOP command takes as arguments the message number and the number of lines (not the number of kilobytes) to display.
TOP 1 20
will display the first twenty lines of message 1.
Re:Save your bandwidth (Score:2)
Jason.
Klez, Klez.h, Klez.I, over 7.2% (Score:3, Interesting)
They infect or have infected 7.2% of all computers. (more than any other virii)
A windows version for cleaning your pc of Klez. [kaspersky.ru] (and removes Nimda, Melissa, etc.)
Re:Klez, Klez.h, Klez.I, over 7.2% (Score:2)
Do you have a source to back up these numbers?
Re:Klez, Klez.h, Klez.I, over 7.2% (Score:3, Informative)
http://news.zdnet.co.uk/story/0,,t269-s2109354,00.html [zdnet.co.uk]
Number One with a bullet... (Score:3, Interesting)
The average user? (Score:5, Insightful)
Really, how common are these things? (Score:5, Interesting)
I've been working for 2.5 years for a company that uses Exchange and Outlook. Most of my friends and colleagues use Outlook or Outlook Express at work and home, although I still use Netscape for personal stuff. I've received 2 email viri ever, and neither of them were the "common" ones like Melissa or SirCam. It leaves me wondering if people are making a big fuss out of nothing, and being a bit sensationalist or simply an anti-Microsoft bigot.
Re: Really, how common are these things? (Score:5, Insightful)
Re:Really, how common are these things? (Score:2, Funny)
One of our marketing folks sent Klez to our press-release mailing list.
My mother-in-law got a message about the "sulfnbk virus", and my wife "cleaned up" our PC. Too bad it's not a virus, just a standard Windows file. (Although in a sense it's a virus, it just infects the users who unsuspectingly do damage to their system!) It's starting to be a good argument for me to switch to Linux...
I receive 15 or so a day (Score:2)
Re:Really, how common are these things? (Score:2, Interesting)
I'd have to say that the sheer number of customers who are calling in still dealing with nimda and magistr is alarming enough, without the numbers that are infected with KLEZ.
This is not scare mongering, or anti-MS bantering.
These email viruses are as pervasive as we are being led to believe and given the right payload, as dangerous, I'd have to say that given the number of people who find themselves infected it will only take ONE really evil virii creator to make some form of uber zombie ddos.
Nimda didn't sustain category 4 for as long as Klez has.
Mailing-lists (Score:4, Interesting)
Interesting threads on mailing lists died because of this. People got insulted although they didn't send anything. A lot of people unsubscribed from mailing-lists due to this.
So people installed antivirus software, personal firewalls, etc. The result was that on mailing-list, instead of having tons of viruses, we got tons of "alert: you have sent a virus, it has been removed by our robot", that is as frustrating as the original virus.
Thanks a lot to Microsoft for being responsible for the most annoying viruses so far.
Re:Mailing-lists (Score:4, Insightful)
Isn't that a bit like holding Napster responsible for all theft of music that happens on its systems, or the manufacturers of CD-RW drives for all software piracy done on their machines? That's the argument used by the supporters of DMCA and other nasty bills that outlaw fair use.
The scum-wad(s) who wrote the virus are responsible for its actions. Microsoft should do a better job of writing secure software, but the primary responsibility lies with the virus writer. Any responsibility borne by Microsoft is equalled by the responsibility borne by those users who don't apply security updates and don't run up-to-date firewall and virus checking software.
Re:Mailing-lists (Score:2, Insightful)
Exactly, and that is why everyone makes comments, because it is always (well 9 out of 10 at a guess) a Microsoft feature/bug that allows the viruses to spread like wildfire.
Mark.
Re:Mailing-lists (Score:3, Insightful)
If Microsoft hadn't enabled braindead default settings in Outlook/Outlook Express, things wouldn't be as bad as they are. Most of these viruses exploit holes in versions of Outlook/OE that are very popular. Sure, there are patches, but try getting people to install them. Then they have to reinstall Windows for some reason, they put OE or Outlook back on, and leave it unpatched.
Microsoft will continue to get hammered over this until Outlook XP and subsequent versions reach critical mass, because those versions have some sane defaults (including not allowing any access to executable attachments finally!).
Re:Mailing-lists (Score:3, Interesting)
Who should bear responsibility, the architect who designs and builds 95% of houses in the world pre-installed with piles of oily rags, kindling and soaked in kerosene, or the pissy little vandal who finally threw one match?
Shared responsibility between Microsoft and the vandals. Obviously. But Microsoft methodically lies about how secure their products are. At least the vandal's motives are plain and honest.
Re:Mailing-lists (Score:3, Insightful)
No, it's not.
Computer science and computer security experts have been saying for years that Micros~1 hasn't got the first fscking clue when it comes to writing solid, reliable, secure code. This despite the fact that there have been several examples of, if not ideal solutions, good first approaches to the problem. Indeed, to create WinNT, Microsoft snarfed the VMS team from DEC, a bunch of guys who understood those principles.
And yet, despite the mountains of examples both within and without the company, despite the millions of computers blue-screening every damned day, Microsoft willfully persists in making the same stupid mistakes.
As is well-known, Word macro viruses were a big problem in years past. This was because Microsoft made a series of impossibly moronic decisions:
Okay, fine, so Microsoft got bitten by their would-be cleverness, but they cleaned up their act, right? They learned their lesson, right?
No. Not only did they refuse to acknowledge that they had fscked up royally, they went and deliberately committed the same errors again and again:
There's a term for this kind of behavior: Willful negligence. Oh, you can point out that there are security update downloads. But you can't ignore the fact that, if Microsoft had followed basic security principles, if they had learned from their own history -- hell, if they'd even extended common courtesy to their users -- this sort of thing wouldn't have happened in the first place.
This isn't an honest mistake. This is a pattern with over twenty years of history behind it.
I agree that uneducated users are a big problem. But, especially with the advent of broadband connectivity, what Microsoft has effectively done is to give a loaded Uzi with the safety off to eight-year-olds, and then fail to train them in its use or even tell them where the safety lock is.
Microsoft touts its products as turnkey, ready-to-go, fire-and-forget, no setup, no configuration, no need to learn computer-ese, just sit down and become productive immediately. This is misleading in the extreme. Training is required; proper configuration is required (because Microsoft keeps setting the defaults wrong). As such, I feel Microsoft bears a significant burden of responsibility for the havoc their software has wreaked on the Internet.
Schwab
Just another reason... (Score:4, Funny)
and you can look at all of the attachments, too! (Score:2)
Re:Just another reason... (Score:3, Informative)
1. Send you tons of mail with huge attachments
or
2. Send other people tons of mail with huge attachments and list you as the return address
Typical. (Score:5, Interesting)
Good dose of blame goes all around here.
Re:Typical. (Score:2, Informative)
All it takes is one doofus down the hall who opens that infected screen-saver file, or exe, com, etc. in his email to cause you a ton of grief.
it's a boon for email farmers (Score:5, Interesting)
Mailwasher can help... (Score:2)
it's easy to use (imports your mail addresses directly from most popular mail clients), scans the mail server and gives warnings on possible virii and spam. As a bonus, it not only lets you delete messages on the server before you download them to your email program, it also lets you send back fake bounces to spammers.
the interface isn't quite as nice as i'd like, but it does the job.
This thing is nasty (Score:5, Funny)
I'm looking at them and it shows my address in the from area and it was mostly spam for bestiality sites. My wife went ballistic.
I got tons of them back as undeliverable. How many made it through? And now people think I was sending them spam for a porn site.
They were coming back to my wife's WIN98 machine, so she called MS. The help desk chick tells her "Someone else has a virus and it is sending out emails w/your address" So my wife says "What do I do?" and they tell her to update her virus definitions. My wife said, "But you just told me that the virus is not on my computer, someone else has it. Is there nothing that I can do?" the girl says "Well download new virus definitions and check for service packs"
The whole thing was rather humorous.
.
Virii? What Virii? (Score:5, Informative)
MIMEdefang also gives us the ability to call Mail::Spamassassin from a sendmail Milter, something Spamassassin itself does not yet support. The latest version also supports the File::Scan module for writing virus scanners in perl.
Re:Virii? What Virii? (Score:2, Informative)
The plural of virus is neither viri nor virii, nor even vira nor virora. It is quite simply viruses, irrespective of context. Here's why.
Re:Virii? What Virii? (Score:3, Funny)
Help For Windows Users (Score:3, Informative)
http://www.ultrafunk.com/products/popcorn/ [ultrafunk.com] is the website for the program.
I have nothing to do with the program or its development, I'm just a happy user.
Klez Virus (Score:3, Informative)
Since this one spread through exe's, and since it was one strain of like 20 different Klez variants, cleaning was a real bitch. Luckily, I'm in programming, so I didn't have to do much of the visit-everyone's-machine thing. I did have to format my box, tho, as all my applications (including system apps) were hosed.
mike feldkamp
shielding emails from cache (Score:2)
It is Yet Another virus that is grabbing email addresses from browser caches, as far as I can tell.
I have taken new measures to shield my email address from ending up in a browser cache, e.g. setting META no-cache directives.
I've spent the last week cleaning 'house'... (Score:2)
McAfee didn't say anything about this virus either, though I'll admit our virus files are from early this year.
I've now set all the outlook express clients to run in restricted security mode now, though, so we likely won't have much more of a problem in the future. Didn't infect Outlook, though, and obviously didn't infect other clients.
-Adam
Source of the klez found! (Score:2, Offtopic)
amavis and Klez (Score:2)
If you hired admins that were worth anything..... (Score:2, Interesting)
Very cool (Score:2)
The real solution (Score:4, Insightful)
The first step is to eliminate Outlook for e-mail. There are other options, even Emacs, that really aren't too user unfriendly.
The second step is to eliminate Office for shared documents. There are other options, perhaps Open Office, that will be less prone to viruses and will be more maintainable over time.
The third step is to begin evaluating other operating systems besides Windows. This is harder, because it will be difficult to replace all the software that was useful in Windows. Over time, however, a fairly comprehensive list can be developed, and a plan can be made to make the switch to a non-Windows OS.
The fourth step is to take the plunge and dump Windows entirely. This may be the hardest step, because this is where the most learning needs to take place. But it is just a matter of time before users adapt to the new environment.
This is what I have been doing at home and know it isn't easy to make a full transition. However, I have found adequate replacements for nearly everything and am pretty satisfied with the results.
This doesn't have to be an all-Free-all-the-time solution, either, because there really is a way to mix open and closed software to meet your needs. It just takes research, time, and patience to find that Microsoft really doesn't rule the world at all--they just want us to think they do.
We've gotten hundreds of this virus... (Score:2)
And for more redundancy, I'm also not affected at home - because I don't use OUTLOOK! I love Win2K, the
It's a shame, but... (Score:2)
On one hand it's a shame that the virus flooded his mailboxes... but if he's using a free email account to conduct business then, well, he should know better. It's not like email accounts are all that expensive.
mark
I'm impressed. (Score:5, Insightful)
Makes you wonder what else they'll come up with...
Maybe someday we'll have security, and patch this sort of thing...
Ive never but....... (Score:2)
That said my mom was in the same boat, the LAN at her store has now 8 nodes and is pretty killer for a rare bookshop. Last Saturday I get a call, half afraid to tell me what's going on, the line is slow, this that the other come down and look. Frigging virus variants running amok. I can say my Aunt felt bad it was her and she knew it. Being a family diplomat in the Brady Bunch land family I live in, all I could say was "No, it's my fault for not keeping the AV server updated" then I realized the crap I just said so she wouldn't feel bad was true. They are firewalled to hell and back. They have AV clients on all the systems, and still they got nailed, why? Human error. Not hers, mine.
It was nothing to clean and had just started the night before. But we're talking a catalog of 250000 volumes at risk totaling over 4000 man hours of entry to create. Whew.....I lucked out, it wasn't corrupted (the most recent backup was 1 week ago) but they are spending over 150 hours per week cataloging all the volumes they have. It's tedious work, all hand research and grading. Not like a first edition signed copy of "Steal this Book" is something that has an ISBN. (They actually put one on their front shelf, I said, hmm a 500$ book that says steal me on it, they walked over and grabbed it putting it in a safer location)
All this work could have been EASILY lost, but there was a recent backup and 2 the damage was minimal at the point I snagged it. The potential for disaster here was big. Until last week I would laugh when someone got a virus doing untold damage. I think this one hit a little closer to home, I am the protector and architect of their IT environment. Basically if it happens on your systems or systems you take care of it's your fault, one way or another it's your fault.
Another argument for CONFIRMING list subscribe (Score:5, Insightful)
Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]
Klez is a very old infection (Score:2)
Makes it difficult to get up in the morning and go to church, I'll tell ya.
Haven't confessed it to any priest yet, though. I'm not sure I'd trust the priests here in the Boston area with such information.
There doesn't seem to be a cure, either. I don't know anyone who caught this one who ever got over it.
I don't get e-mail virus' (Score:2)
I believe it stems from not having complete idiots having me in their address books.
Smart friends == no virus' in email.
Hey, just out of question, what plurality of Virus are we supposed to use this week? Last time I was flamed for using virii, and I see flames over viri and virus' as well. This is getting waaay too annoying, it was so that awhile back pretty much everybody had agreed on virii (may not be historically proper but at least it ended the debate) but I want to know what {censored} started the debate back up again?
Re:I don't get e-mail virus' (Score:2)
And the plural of "virus" is simply "viruses". It's a perfectly good English word, so you don't have to foul up the language for pretentious bogo-Latin reasons.
No excuse. (Score:2)
No Problems Here (Score:2)
enron (Score:2)
Don't flame MS quite so hard for this one... (Score:3, Insightful)
Let the flames begin.
Re:Don't flame MS quite so hard for this one... (Score:3, Interesting)
And yet, despite the mountains of examples both within and without the company, despite the millions of computers blue-screening every damned day, Microsoft willfully persists in making the same stupid mistakes.
As is well-known, Word macro viruses were a big problem in years past. This was because Microsoft made a series of impossibly moronic decisions:
* To incorporate a macro facility into Word directly (rather than as an external engine driven by IPC protocols, where access controls can be applied in a uniform manner),
* To embed the macros into the Word documents directly, rather than as separate macro files (thus making it impossible for the user to distinguish between a normal document and an "active" one),
* To set the default condition to run the macros automatically upon document loading, without informing the user,
* To, by default, not inform the user that any of this idiocy was going on.
Okay, fine, so Microsoft got bitten by their would-be cleverness, but they cleaned up their act, right? They learned their lesson, right?
No. Not only did they refuse to acknowledge that they had fscked up royally, they went and deliberately committed the same errors again and again:
* Not only does IE uncritically implement JavaScript, it also throws in Visual Basic scripting and ActiveX, all of which are turned on by default. This condition is identical to that which propagated the Word macro virus fiasco. Even their "secure" execution environments haven't prevented hostile Web sites from hijacking the browser.
* Outlook likewise, without user intervention, will extract and launch embedded content while simultaneously hiding it from the user. The damn thing doesn't even check to make sure the MIME type and the filename extension are consistent.
There's a term for this kind of behavior: Willful negligence. Oh, you can point out that there are security update downloads. But you can't ignore the fact that, if Microsoft had followed basic security principles, if they had learned from their own history -- hell, if they'd even extended common courtesy to their users -- this sort of thing wouldn't have happened in the first place.
This isn't an honest mistake. This is a pattern with over twenty years of history behind it.
Any responsibility borne by Microsoft is equalled by the responsibility borne by those users who don't apply security updates and don't run up-to-date firewall and virus checking software.
I agree that uneducated users are a big problem. But, especially with the advent of broadband connectivity, what Microsoft has effectively done is to give a loaded Uzi with the safety off to eight-year-olds, and then fail to train them in its use or even tell them where the safety lock is.
Microsoft touts its products as turnkey, ready-to-go, fire-and-forget, no setup, no configuration, no need to learn computer-ese, just sit down and become productive immediately. This is misleading in the extreme. Training is required; proper configuration is required (because Microsoft keeps setting the defaults wrong). As such, I feel Microsoft bears a significant burden of responsibility for the havoc their software has wreaked on the Internet.
Fool! use IMAP (Score:5, Insightful)
My OSS plug... (Not off-topic though) (Score:3, Informative)
I've been using it in my production environment for over a year now and it works like a charm. And it's open source, too!
Re:My OSS plug... (Not off-topic though) (Score:5, Informative)
No need to put an interpreted script in between
your MTA and MDA. Out of the goodness of my heart,
here's some actual working stuff to put in your
executable attachments in
#/etc/procmailrc
VIRUSLOG=/var
:0 # Use procmail match feature
* ^To:\/.*
{
HTO = "$MATCH"
}
:0 # Use procmail match feature
* ^From:\/.*
{
HFR = "$MATCH"
}
NL="
"
:0
*.for virususer;.*
/var/virusdump/virususer
:0
*^Content-type:.*
{
*name=".*\.(vbs|wsf|vbe|wsh|hta|scr|pif|exe|bat|j
{
! virususer
| (/usr/bin/formail -r; \
echo -e "This is an auto-generated message on behalf of${HTO}:\n\
\n\
The email referenced above, which was sent from your address, \n\
had a virus-vulnerable attachement (such as
This mail server no longer accepts mail with virus-vulnerable \n\
attachments and the email has been quarantined.\n\
Please try resending your attachment in a safe format such as ZIP. \n\
Contact support@iocc.com if you have any questions")\
| mail -s "Possible virus deleted" "${HFR}"
| echo "VIRUS From:${HFR} To:${HTO}" >> $VIRUSLOG
}
}
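The attachment-name test in the recipe above, extended to two checks other comments in this thread ask for: the secondary-extension red flag and consistency between MIME type and filename extension. This is an added example, not part of the original post; the blocked list is the visible part of the recipe's pattern, while the decoy-extension list, the MIME table and the sample message are constructed assumptions.

```python
from email import message_from_string

# Extensions visible in the recipe above (its pattern is cut off on the page,
# so nothing past "bat" is assumed here).
BLOCKED_EXT = {"vbs", "wsf", "vbe", "wsh", "hta", "scr", "pif", "exe", "bat"}

# Assumption: harmless-looking extensions used as the first half of a
# double extension such as "invoice.doc.pif".
DECOY_EXT = {"txt", "doc", "xls", "jpg", "gif", "htm", "html", "mp3", "wav"}

# Assumption: a small table of extensions that are consistent with a
# declared MIME type. Types not listed are not checked.
EXPECTED_EXT = {
    "audio/x-wav": {"wav"},
    "audio/x-midi": {"mid", "midi"},
    "image/jpeg": {"jpg", "jpeg"},
    "image/gif": {"gif"},
    "text/plain": {"txt"},
}

# Constructed sample message with three attachments.
SAMPLE = """\
From: someone@example.org
To: you@example.net
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

hello
--XYZ
Content-Type: audio/x-wav; name="song.exe"
Content-Transfer-Encoding: base64

AAAA
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.doc.pif"
Content-Transfer-Encoding: base64

AAAA
--XYZ
Content-Type: image/jpeg; name="photo.jpg"
Content-Transfer-Encoding: base64

AAAA
--XYZ--
"""


def split_exts(filename):
    """Return every dot-separated suffix, lower-cased, padding removed.

    Padding matters: "readme.txt      .exe" hides the real extension
    off the edge of a narrow attachment column.
    """
    parts = filename.strip().rstrip(".").lower().split(".")
    return [p.strip() for p in parts[1:]]


def screen_message(raw):
    """Map each suspicious attachment name to the list of reasons it was flagged."""
    findings = {}
    for part in message_from_string(raw).walk():
        # get_filename() reads Content-Disposition filename=, then falls
        # back to the Content-Type name= parameter.
        filename = part.get_filename()
        if not filename:
            continue
        exts = split_exts(filename)
        final = exts[-1] if exts else ""
        reasons = []
        if final in BLOCKED_EXT:
            reasons.append("blocked-extension")
        if len(exts) >= 2 and final in BLOCKED_EXT and exts[-2] in DECOY_EXT:
            reasons.append("double-extension")
        expected = EXPECTED_EXT.get(part.get_content_type())
        if expected is not None and final not in expected:
            reasons.append("type-mismatch")
        if reasons:
            findings[filename] = reasons
    return findings


if __name__ == "__main__":
    for name, why in screen_message(SAMPLE).items():
        print(name, why)
```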
Here's what I did. (Score:3, Interesting)
Running linux the viruses aren't a problem, but downloading and then wading through hundreds of emails sucked.
I then use procmail along with SpamAssassin. Now when I check my email there is usually one or two messages, and they are relevant.
Even the mailing lists I'm subscribed to get put in a separate folder.
I can't complain at all anymore.
What about those less than brilliant friends that are still affected? Well I leave icq and aim running so they can just leave me a message that way.
Hey if my mother can avoid getting infected with these stupid viruses so can you!
Klez.H, Hardware killer (Score:3, Interesting)
The cost of viruses, worms, and spam (Score:4, Insightful)
That is a lot of bounces because we also filter on SirCam (still see some of those everyday), use several RBLs, and have extensive local spam filters and reject lists, as well as optional spam filters for Korean-encoded and Chinese-encoded mail (just rolled them out and over 800 customers have started using them already).
The cost of this is a lot of wasted bandwidth consumed by spam, worms, and viruses, in hardware (we run 4 MXes where two would otherwise suffice, because of the filtering load), and the countless hours we spend each week on defending our mail system and our customers from all this crap.
Besides the usual suspects (MS for their security holes, users for their laxness on applying updates, and the virus writers themselves), I also have to blame a lot of administrators for this. Mail admins, listen up! You KNOW Klez is out there and you KNOW it's going through your systems. You probably have a ton of captive specimens of it. Start filtering it inbound and outbound. You're not only helping other admins to control this problem, you're helping yourself.
And let's all be thankful that virus writers and spamware writers come from two camps that aren't likely to like each other, because if they got together and wrote a worm that silently propagated itself and turned Windows boxes into selectively open relays for use by the spammer/authors, that would be a real problem. The scary part is that it wouldn't be all that hard. The worms already have their own SMTP engines these days. The leap is small. Let's hope they don't make it, but let's think about how we're going to control it when they do.
Line of defense number 1: ISPs - if you don't already block port 25 in/out from your dial pools (requiring your dial users to smarthost through your outbound SMTP or send through it directly), start NOW. The ass you save will be your own. If we all do this (my employer has done this for years) we will cut off spam.
Yahoo! (Score:3, Interesting)
I wonder how many responses to Klez emails bounce back with an "address unknown" error?
Re:Using open relays to boot (Score:4, Insightful)
it's not the *physical* harm... it's the freaking man-years of time that is wasted. IT departments are strapped enough as it is, but then lump on top of that all of the time spent chasing crap like this down, and it *is* a strain on resources (bandwidth, server drive space, and the valuable attention it takes to diagnose and resolve a particular problem). The cost is real. Whether it's $10B or not, I have no idea, but it certainly isn't trivial.
Re:Pornographic attachments from priests? (Score:5, Insightful)
Keep in mind the hundreds of priests now being wrongfully prosecuted due to a stereotype that is spreading like wildfire. Bear in mind how it is ruining their lives.
I love how on slashdot, insults and slander made about religion are modded as funny, yet if I were to say, "Porn from black people? What was it, pictures of fried chicken?" I'd be modded as a troll. It's all ignorance; it's all slander; it's all hatred. Stop modding self-righteous science-worshipping trolls like the parent up.
Although, I'm sure that now I'll be modded as a troll. Whatever.
Dare to think for yourself.
Re:Pornographic attachments from priests? (Score:2)
Re:Pornographic attachments from priests? (Score:2, Offtopic)
These "hundreds of priests" could have kept a good name if they had just policed themselves a little better. Because the Catholic church is not a democracy, they feel they are above laws that govern normal men. They give figures like it is only 1.5% of the priests doing this (figure from Meet The Press last Sunday), but that still means that it is 600 priests guilty of this. Assholes like Cardinal Law, who helped cover this up, and would just move them to a new place to continue molesting kids, deserve a nice span of time in jail as accessories to these crimes. The image of Cardinal Law being buttfucked by some skinhead in the shower would be a fitting punishment.
Re:Pornographic attachments from priests? (Score:4, Funny)
OT I guess, but... a headline I saw recently:
Priests Decry Witch Hunt
All I could think was "What comes around..."
Remember the WTC? (Score:3, Insightful)
And you don't remember any religious persecution going on during World War II? None? I dare say, without his anti-Semitic rhetoric, Hitler might never have come to power. And the Japanese believed in the divinity of their emperor, too--the word "kamikaze" means "divine wind."
At least part of the Arab-Israeli conflict is religious in nature. You just don't see a lot of atheist suicide bombers. A lot of "ethnic cleansing" is done along religious lines as well.
The expansion of European nations into the Americas was often justified under the aegis of "divine right."
That's not to mention the religious rhetoric that's used to get men to go to war. Ever hear the song "Onward Christian Soldiers?"
So the original poster might be a little bold about his statistics...but don't fool yourself into thinking religions have their hands clean, even today.
Re:modem's and email - the solution (Score:3, Informative)
IMAP Rules, plain and simple. Take an old PC, throw Debian on it, and use courier+postfix+squirrelmail+procmail+spamassassi
Re:MOD THIS UP (Score:4, Informative)
It's a description of badtrans not klez.