Foss:
If you think this spam is bad, you should see
what my PacBell email address brings me in REAL spam. I suspect
the problem is more than occasional greedy and stupid
advertizers.
There are variants of the Klez worm going around that look like
spam with a range of attachments. The Jess listserve has been
hit by a number of these in recent weeks. I suspect this
represents a significant fraction, if not the majority of the
undesirable emails that you are identifying as the spam crisis
flood.
To be sure, this is annoying, but I'm wondering if moving the
Jess listserve will necessarily prevent such problems or be worth the
extra effort/cost.
For the last 8 weeks.I have been getting bombarded by over 10
such Klez-mails a day (sometimes as many as 35) by virtue of having
had a Webmaster email forwarding address, and the fact that Klez can
pull the automatically logged address from the Outlook list of any
infected member. The worm mail is polymorphic, stealing to:
from, and subject lines, as well as reflecting itself in
rejected email notices from remote sentry applications.
Our problem is that (for some extreme reasons of 'academic
freedom') the UCLA email server does NOT filter ANY email, regardless
of the existence of viruses and worms. You can see from the appended
email below what that policy carries forward to the user being
absolutely responsible for maintaining up to date anti-viral software
to stop worms and viruses after they've been delivered by the
email.
Personally, I don't think this policy is wise, and when the
next generation of .NET pathogens is delivered to the waiting lambs of
the Microsoft public, it will be much worse than the Visual Basic
macro, Outlook hacking products that are getting around
currently.
I've been agitating about email filtering of the main campus
servers, because I think it needs to be done. Our clinical
service does such filtering, and it does eliminate worms, but it may
also clip desired attachments.
Perhaps the 'promise' of moving a productive listserve "off
campus" might prompt the keepers of the Sandia network resources
to engage pathogen filtering more aggressively before the hacker
sociopaths and the Microsoft masses with their dangerous system
vulnerabilities more thoroughly disrupt professional communications
networking.
Good luck,
Bob T.
Date: Thu, 06 Jun 2002 23:38:22 -0700
From: Bruin OnLine Information Bulletin <[EMAIL PROTECTED]>
Subject: IMPORTANT INFORMATION ON THE KLEZ COMPUTER VIRUS
To: Bruin OnLine Users <[EMAIL PROTECTED]>
During the past few months, there has been an increase in the
proliferation of variants of the Klez computer worm, an Internet worm that
spreads by creating duplicates of itself on other computer hard drives,
systems, or networks. Klez usually comes in the form of an email
attachment, and infects PCs running the Windows operating system.
Computers running non-Windows operating systems are not vulnerable to
Klez. Once a computer is infected, Klez will automatically send out copies
of itself whenever the machine is connected to the Internet. This usually
happens without the user's knowledge.
Klez also has the ability to spoof the email "FROM:" field. The sender's
address used by the virus may be one that was found on the infected user's
system. Thus, it may appear that you have received this virus from one
person, when it was actually sent from a different user's system. Infected
machines have the ability to send out spoofed email using a fake "FROM:"
address. Doing so makes it appear that a user sent a viral email when, in
fact, the infected machine is sending out such messages. This situation
adds to the confusion in tracing the real infected culprit, and complaints
are often generated because of these spoofed "FROM:" addresses.
To protect your computer from Klez and many other viruses, you should
first make sure that your Windows operating system is up to date with the
latest patches and updates. The Microsoft Windows Update site can be
From: Bruin OnLine Information Bulletin <[EMAIL PROTECTED]>
Subject: IMPORTANT INFORMATION ON THE KLEZ COMPUTER VIRUS
To: Bruin OnLine Users <[EMAIL PROTECTED]>
During the past few months, there has been an increase in the
proliferation of variants of the Klez computer worm, an Internet worm that
spreads by creating duplicates of itself on other computer hard drives,
systems, or networks. Klez usually comes in the form of an email
attachment, and infects PCs running the Windows operating system.
Computers running non-Windows operating systems are not vulnerable to
Klez. Once a computer is infected, Klez will automatically send out copies
of itself whenever the machine is connected to the Internet. This usually
happens without the user's knowledge.
Klez also has the ability to spoof the email "FROM:" field. The sender's
address used by the virus may be one that was found on the infected user's
system. Thus, it may appear that you have received this virus from one
person, when it was actually sent from a different user's system. Infected
machines have the ability to send out spoofed email using a fake "FROM:"
address. Doing so makes it appear that a user sent a viral email when, in
fact, the infected machine is sending out such messages. This situation
adds to the confusion in tracing the real infected culprit, and complaints
are often generated because of these spoofed "FROM:" addresses.
To protect your computer from Klez and many other viruses, you should
first make sure that your Windows operating system is up to date with the
latest patches and updates. The Microsoft Windows Update site can be
found at:
http://windowsupdate.microsoft.com/
You should install any critical updates that are available for your
computer.
If you are using an antivirus program, you should make sure that the
program's virus definitions are up to date and scan your computer for
viruses on a regular basis. If you don't have antivirus software, McAfee
VirusScan is available as a free download from the Bruin OnLine website
at:
http://www.bol.ucla.edu/software/win/
There are a number of free Klez removal utilities available on the
Internet. Symantec has one available for download at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal
.tool.html
A more detailed explanation about the Klez worm family can be found in the
Kaspersky Virus Encyclopedia at:
http://www.viruslist.com/eng/viruslist.html?id=4292
Please use the above information to secure your computer and prevent it
from spreading this worm.
If you have any questions or need assistance performing any of the above
instructions, please contact the Bruin OnLine Help Desk at (310) 825-7452,
option 1.
http://windowsupdate.microsoft.com/
You should install any critical updates that are available for your
computer.
If you are using an antivirus program, you should make sure that the
program's virus definitions are up to date and scan your computer for
viruses on a regular basis. If you don't have antivirus software, McAfee
VirusScan is available as a free download from the Bruin OnLine website
at:
http://www.bol.ucla.edu/software/win/
There are a number of free Klez removal utilities available on the
Internet. Symantec has one available for download at:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal
.tool.html
A more detailed explanation about the Klez worm family can be found in the
Kaspersky Virus Encyclopedia at:
http://www.viruslist.com/eng/viruslist.html?id=4292
Please use the above information to secure your computer and prevent it
from spreading this worm.
If you have any questions or need assistance performing any of the above
instructions, please contact the Bruin OnLine Help Desk at (310) 825-7452,
option 1.
-Bruin OnLine Help Desk-
Hi Folks,
The spam level on the jess-users list is becoming intolerable for me
and I'm sure for many of you. I haven't been able to get any support
here for adding some filtering, and I'm afraid our security procedures
won't permit me to run my own list server, so I think the only choice
is to move the list off-site.
There are probably a number of options available. One would be to use
something like Yahoo! Groups, which is not a bad service. They have
member-only posting, and the lists can be moderated. I'm sure there
are other options available as well, although I'm personally not aware
of what they are. If anyone wants to have input on this, please chime
in now.
---------------------------------------------------------
Ernest Friedman-Hill
Distributed Systems Research Phone: (925) 294-2154
Sandia National Labs FAX: (925) 294-2234
Org. 8920, MS 9012 [EMAIL PROTECTED]
PO Box 969 http://herzberg.ca.sandia.gov
Livermore, CA 94550
--------------------------------------------------------------------
To unsubscribe, send the words 'unsubscribe jess-users [EMAIL PROTECTED]'
in the BODY of a message to [EMAIL PROTECTED], NOT to the list
(use your own address!) List problems? Notify [EMAIL PROTECTED]
--------------------------------------------------------------------
--
