Yes -- we were caught

It's almost a relief that Bugbear has toppled Klez from the top of the list of most troublesome viruses. Except that while Klez was a nuisance, Bugbear causes serious mayhem.

It’s almost a relief that Bugbear has toppled Klez from the top of the list of most troublesome viruses. Except that while Klez was a nuisance, Bugbear causes serious mayhem. Undoubtedly many of us have had personal experience of one or both, although it’s not something we like to admit.

Klez has spent months at the top of the virus charts. It first appeared a year ago, according to antivirus firm Sophos, but there have been bouts of renewed activity from Klez variants with reactivation code. Its spoofing characteristic means my name has been dragged through the mud numerous times, the virus appearing in lots of people’s inboxes showing me as the sender.

Why me? Presumably because my email address has been harvested from the Computerworld website. And what a tasty target for humiliation – a journalist on an IT publication. But I swear I don’t have a virus now, and never have had.

Xtra’s antivirus filtering service first alerted me to what was going on. Then a number of people sent me messages telling me to desist from sending them viruses, displaying varying degrees of annoyance. Some were mildly grumpy; others were considerably so.

The latter group hadn’t seemed to have heard of Klez, and were unwilling to accept that the virus arriving with my name attached had nothing to do with me. Until IDG’s IT manager demonstrated how easy spoofing is by sending a message to one of them with their own name as sender. The complainer went quiet at that point. Meanwhile, I checked my sent mail folder to see if I had in fact corresponded with him or any of the others, and was relieved to see I hadn’t.

Klez has been a learning experience all round. Initially, Xtra’s alert service took at face value that I really was helping spread it. But after a few days the alert message changed to one saying that the Klez virus was the likely culprit, with a link to information about it. And what a cunning piece of work it turns out to be. As if spoofing isn’t enough, a later Klez variant masquerades as a fix for a previous version. This is a phenomenon which seems to be catching on with virus writers. Another virus which has surfaced in the past few weeks pretends to be a Microsoft security patch. There’s an irony lurking in here somewhere, given that Klez and others exploit flaws in Microsoft Outlook and Exchange.

Bugbear has also taught a few organisations a lesson about viruses. IDG, Computerworld’s publisher, has to make its own painful admission. Yes, we were caught. I was in a meeting with the IT manager when his trusty lieutenant reported that all our printers were spewing out pages of nonsense. It didn’t take long to work out what had happened. Bugbear had snuck in before Norton Antivirus had been updated to block it, and one of our users had cheerfully set the virus free on the network. Plenty of other outfits were similarly embarrassed, including, according to our spies, a transtasman baking concern and a cleaning company with operations here and in Australia. There’s nothing like a high-speed international WAN to assist with international virus spread.

As the experts keep saying, security is a state of mind; no one should rely on antivirus software of itself to spare them embarrassment. We thought we were protected. And a company on the Coromandel believes it was caught out before Xtra’s antivirus service (which so capably caught Klez) had got into Bugbear blocking mode. Xtra wasn’t prepared to comment without seeing all the evidence. Auckland company E-Secure-IT quickly seized on the marketing potential afforded by our discomfort to remind us that its security alert service is another necessary tool for keeping viruses at bay. It publishes a database of vulnerabilities, updated once a week, which can be accessed free. With hundreds of new threats arising each week, though, the paid-for alert service is going to do a better job.

But even that is just part of the answer. After all, some hapless organisation has to be the first victim of any new virus before others are going to hear of it. There’s an understandable reticence about admitting you’ve become a victim. But perhaps getting over the embarrassment and helping spread word of new threats – rather than the threats themselves -- would stop them in their tracks.

Doesburg is Computerworld’s editor. Phone him with editorial suggestions on 09 302 8763. Send letters for publication to Computerworld Letters.

Join the newsletter!

Error: Please check your email address.

Tags Bugbear

More about IDGMicrosoftNortonSophosXtra

Show Comments
[]