[plug] Here to find out more!

Craig Ringer craig at postnewspapers.com.au
Sat Aug 17 00:47:06 WST 2002 

>
>
>I have just received another email from the list that contains a virus, this
>email appears to have been posted by <chrisg at doladns.dola.wa.gov.au>,
>
Its klez, so its not important who it appears to be from. Klez spoofs 
the From: address to appear to be from a random address selected from 
the address book of the user. So all that tells us is that the infected 
machine has both "plug at plug.linux.org.au" and 
"chrisg at doladns.dola.wa.gov.au" in its address book.

>There was also an attachment to this email named 'B962197' and according to
>my virus scanner it contained the 'W32/Klez.h at MM' virus.
>
Yay. Klez. Just when you think its gone away....
then again I'm _still_ getting Nimidia hits from some japanese primary 
school www-server with a broken contact email *arrggh*.

>Could somebody please explain to me 'What is happening here ?'
>
Most likely somebody who is subscribed to plug (since we don't allow 
un-subscribed posts, yes?)  has a machine infected by klez. Nothing 
special. Reading PLUG doesn't mean you have to use linux (though having 
X-Mailer: Microsoft Outlook Express might get you laughed out unless 
you're writing from a braindead workplace). It really isn't 
spectactular, and virus filtering lists is not going to be practical 
unless/until there's _free_ _quality_ anti-virus software available.

> I may be wrong but I don't think this is a good way to get poeple to 
> change over to Linux.

Pfft. Every mailing list that doesn't have some kind of virus scanning 
available will have this problem, and one could argue that most of this 
list's readers will be at much less risk than usual because they'll (a) 
NOT use MS outlook express or use it with completely up-to-date virus 
scanning (b) quite likely not use windows at all.

Don't stress about it. Don't use outlook or outlook express, or don't 
use windows. If you must use windows, and _especially_ if you must use 
Outlook (express) get a good virus scanner and keep it up to date. 
Clearly you have at least a vaguely decent one given that you posted 
this, not "arrggh email from plug ate my machine". Though any virus 
scanner w/o detection of Klez can be considered utterly broken so its 
not saying much that it found this. Anyway, there's nothing to be done 
but take sensible precautions, understand that there's no effective way 
to prevent this, and not stress.

Craig Ringer

More information about the plug mailing list