Klez spoofing causes headaches for ISPs

The Klez virus is still making its presence felt among New Zealand internet users, although there are some signs that its power is waning.

The Klez virus is still making its presence felt among New Zealand internet users, although there are some signs that its power is waning.

According to the IDG News Service, Klez has been around since late 2001, though it has gone through a number of variants.

Xtra, the country's largest ISP, is reporting around 55,000 viruses a day being blocked by its new server-based anti-virus solution, of which roughly 75% are Klez, says spokesman Matt Bostwick.

Ihug, which also blocks viruses at the server (for a fee), is seeing fewer examples of Klez come through, which is a relief to director Tim Wood.

"Yeah, it's slowing down. Finally." Wood says of the 15,669 viruses blocked in August on Ihug's site, 11,064 were Klez.

One of Klez's more annoying side effects is its spoofing of the sender's address. Klez will choose two addresses from an infected user's mailbox and send itself to one pretending to be from the other. This has lead to many end-users being blamed for viruses they don't have. Both Xtra and Ihug use an anti-virus solution from Trend Micro that sends an automated email to the virus sender's address warning them of their infection: Klez's spoofing of the address has meant many people get such an email even though they aren't infected.

"At least this way they know their name is being taken in vain as it were - without the email they wouldn't know they'd been blamed for a virus," says Bostwick.

Ihug receives a couple of calls a day about the problem, says Wood.

"We send out an automated response telling them that it's Klez and what that means and why they got the first email. That sort of thing."

PC World US said this week that antivirus software makers Symantec and McAfee both report more than 2000 new infections daily, with no sign of letup. The British security firm MessageLabs estimates that one in every 300 email messages holds a variation of the Klez virus, and says that Klez has already surpassed the SirCam as the most prolific virus ever.

Join the newsletter!

Error: Please check your email address.

Tags Klez

More about IDGMcAfee AustraliaMessageLabsSymantecTrend Micro AustraliaXtra

Show Comments
[]