Klez virus won't stop making Net rounds



Dear list members,

Below is an interesting and informative article on the Klez virus.

Best wishes,

Frank Elbers


----

W I R E D   N E W S              Top Stories -  09:15AM  4.Mar.03.PST
Klez Won't Stop Making Net Rounds
http://go.hotwired.com/news/infostructure/0,1377,57895,00.html/wn_ascii
02:00 AM Mar. 04, 2003 PT

Like sleazy one-night stands, most e-mail viruses depart soon after they 
have had their way with their hosts.

But Klez seems to have decided to establish a long-term relationship with 
Internet users.

Klez, dubbed the world's most pervasive e-mail virus last May, is now also 
the most persistent Internet pest ever, according to representatives from 
antivirus firms Nod32, Sophos, Kaspersky, MessageLabs and Central Command.

"Klez is hanging in there like a bloated tick," said Rod Fewster, 
Australian representative of antiviral application Nod32. "We probably 
won't see the end of it in our lifetimes."

There are several variants of Klez floating around, but "Klez.H," the one 
that shows up most commonly in e-mail inboxes, has topped most antiviral 
companies' threat lists since it was first spotted in mid-April 2002.

Antiviral companies often chide users for not updating their antivirus 
software, but some experts said Klez proves that repeating stern update 
warnings ad nauseam isn't going to solve the problem.

"When all you can think to do is hector people who obviously don't listen 
about updating, you have a psychological problem," said George Smith, a 
virus researcher and columnist for SecurityFocus. "Shouting at people who, 
for one reason or another, cannot hear you is mentally-ill behavior -- or 
evidence of idiots in command."

Smith also accused the antivirus industry of being co-dependent, "needing 
things from people, things it cannot have -- like constant attention in the 
form of hourly AV updates."

Not too long ago, a monthly update for new virus definitions was considered 
a decent way to protect systems from e-mail viruses. Then users were 
advised to update once a week. Now some companies suggest far more frequent 
updates, even advising that systems should be set to check for updates hourly.

"Updating your antivirus software only once a week is like brushing your teeth
only once a week -- it only gives you the minimum protection and could lead 
to painful consequences in the future," said Graham Cluley, senior 
technology consultant at Sophos Anti-Virus. "Hundreds of new viruses are 
discovered every month and some can spread internationally in no time at all."

But some, like Rob Rosenberger of antivirus information site Vmyths, said 
such frequent updating is nothing more than an addictive panacea. 
Rosenberger believes that in most cases updating desktop AV daily or even 
weekly offers only slightly more protection than updating monthly.

He also took the industry to task for not doing enough to develop proactive 
antivirus applications that battle viruses by looking for the kinds of 
antisocial behaviors that are a hallmark of malicious code, rather than by 
relying on incessant virus updates.

Meanwhile, Klez will continue to make the rounds because, according to 
Smith, the virus works reasonably well, is easy to modify and there are 
always more people coming online or failing to protect themselves.

"Never underestimate the accidental efficiency of a viral design," Smith said.

"The daily infection pool right now is so great for Klez that the 
likelihood of it to decrease any time soon is not likely," agreed Steven 
Sundermeier, product manager at Central Command. "This large infection pool 
does not currently exist with older viruses."

Frustration with Klez has led some in the antivirus industry to wonder 
exactly how many people it takes to keep Klez in circulation -- a few 
thousand? A couple of hundred? A dozen? One lone infected dimwit?

It appears that just one e-mail user could keep Klez going into infinity, 
as long as that person has friends, said Chris Wraight, a product manager 
at Sophos.

"A single infected machine and a user with a large e-mail address book 
could keep Klez in circulation forever," Wraight said.

"It only takes one user that is not up-to-speed on security practices, with 
an Internet connection, an e-mail account and a few stored e-mail addresses 
for the Klez mushroom effect to take place," said Central Command's 
Sundermeier.

Smith said Klez underscores the scorn that some have for those who get 
infected by such viruses.

"The keepers of the Net are snobs," Smith said. "Code Reds are a worldwide 
disaster; but Klezes are the fault of techno-bumpkins too stupid to update 
their antivirus."

And it's not unwashed Net masses who are to blame for Klez, Smith said.

Any other product with features that allow it to transmit flaws to its 
peers worldwide would have been driven from the marketplace or sued out of 
existence long ago, Smith argued. The prevalence of Klez should have shaken 
up a stagnant AV and software industry, but so far it hasn't seemed to 
spark any changes.

"Human perversity on the network will always ensure Klez or something like 
it is always around," Smith said. "It's one of technology's lasting gifts."


Wired News
© Copyright 2003, Lycos, Inc. All Rights Reserved.



-------------------------------------
Frank Elbers, Deputy Director
Human Rights Education Associates (HREA) - USA office
PO Box 382396
Cambridge, MA 02238
(tel) +1 617 625-0278 (fax) +1 617 249-0278
(e-mail) felbers@hrea.org (Web) http://www.hrea.org


========== HURIDOCS-Tech listserv ==========
Send mail intended for the list to <huridocs-tech@hrea.org>.
Archives of the list can be found at:
http://www.hrea.org/lists/huridocs-tech/markup/maillist.php