[unisog] The danger of Klez warnings

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Sep 12 18:41:33 GMT 2002

On Thu, 12 Sep 2002 08:01:10 EDT, "Hall, Rand" <rand at merrimack.edu>  said:

> What are you all doing with the rejected Klez-infected messages? Why not put
> together a public service SWAT team of cheap labor (students) to track down
> and educate the infected?

I get a lot of Klez warnings as well.  Probably has something to do with me
being in a lot of people's address books.  It's even worse when you're the
postmaster for a very large Listserv machine.

The problem isn't in chasing down local users - the problem is in chasing down
*remote* users.  Analysis of those Klez warnings that include sufficient
headers to deduce the *real* origin shows that at most 2-3% are local
users, only 10% or so appear to be in the same *state* as we are, and
fully 25% aren't even on the same *continent*.

You ever tried to convince a Pakistani ISP to track down the user who
has a virus? ;)

(And yes, I *do* still look at origin info, and I *do* forward the ones
that look local to our cheap-labor help desk and let them track down the
users.  But as I said, that's only a drop in the bucket....)
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
