[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Subject Index][Author Index]

Klez again

To: dinosaur@usc.edu
Subject: Klez again
From: Mickey Rowe <rowe@psych.ucsb.edu>
Date: Wed, 12 Jun 2002 15:28:55 -0700 (PDT)
Reply-to: rowe@psych.ucsb.edu
Sender: owner-dinosaur@usc.edu

Once again for those of you not protected by a virus filter, the Klez
worm/virus has been sent by the dinosaur list again.  At the moment
there are only two things I can do to prevent these things...  One:
implore anyone and everyone to make sure that their machines are
disinfected.  So I do that here and now.  The latest virus *looks* to
casual inspection like it came from Michael Sternberg:

  Date: Wed, 12 Jun 2002 16:16:55 -0500
  From: mstern <mstern@cnw.com>
  To: dinosaur@usc.edu
  Subject: Fw:congratulations

However, it did not.  Given the worm's manner of propagation I cannot
guarantee it was sent by any subscriber to the list.  If it was from a
subscriber, the header suggests that that subscriber is Judy
Lundquist: jlq.gw@verizon.net

Judy, I'm sorry to "out" you like this, but if it turns out that your
machine is infected (please write me personally if you discover that
it is) then I can use the same method on my records of past Klez
distributions to infer who else on the list might be infected (Tracy
Ford, a previous episode looked like it came from you, so I hope you
too have taken steps to ensure that your machine is clean).

Anyways, it is a good idea for everyone to make sure you are running
virus protection software with the latest data for recognizing
infected files.  Since the senders of Klez may not be list subscribers
but merely people who have sent e-mail to list subscribers in the
past, it would be a good idea for you all to try to make sure your
friends and family get the word too.

The second thing I can do is configure the dinosaur list to reject all
attachments.  Those of you on VRTPaleo know that at minimum I would
greatly upset Ed Summer if I did that :-)  More seriously it still
seems to me that that cure is worse than the disease because many of
you send things listproc would interpret as attachments even though
you may not even know you're doing it.  Anyways, each time we get hit
I come closer to reassessing which is worse, allowing viruses to get
through or preventing legitimate messages from containing all that you
put into them.  Feel free to voice an opinion provided you send it
directly to me and/or Mary and not to the list.

I'm still shaking trees at USC to try to get them to implement a
filter that would prevent viruses from getting through their machines.
That would be the best way to handle the situation (since it's
something I can't do personally I do not list it as a third option for
me).  Unfortunately -- for reasons I can't fathom -- they've been
"studying" the problem for the past several months without being able
to come up with a solution.  UCSB and many other such large sites
successfully implemented filters last year or earlier...

Anyways, my apologies for any and all inconvenience.  I'm flying by
the seat of my pants as well as I can.

Your humble administrator,

-- 
Mickey Rowe     (rowe@psych.ucsb.edu)

P.S. D**n, I just realized there is a third thing I could do... return
the list to full moderation.  Given my current commitments I don't see
that as being particularly viable -- if nothing else it would greatly
impede the flow of traffic through the list since I would not be able
to act on each message quickly.  I know, I know, some of you think
that would be a good thing :-) ...

Prev by Date: Re: The K-T boundary in Nanxiong
Next by Date: unsubscribe
Previous by thread: Re: Giganotasarus line drawing...
Next by thread: unsubscribe
Indexes: