Like sleazy one-night stands, most e-mail viruses depart soon after they
have had their way with their hosts.
But Klez seems to have decided to establish a long-term relationship with
Internet users.
Klez, dubbed the world's most pervasive e-mail virus last May, is now also
the most persistent Internet pest ever, according to representatives from
antivirus firms Nod32, Sophos, Kaspersky, MessageLabs and Central Control.
"Klez is hanging in there like a bloated tick," said Rod Fewster,
Australian representative of antiviral application Nod32. "We probably
won't see the end of it in our lifetimes."
There are several variants of Klez floating around, but "Klez.H," the one
that shows up most commonly in e-mail inboxes, has topped most antiviral
companies' threat lists since it was first spotted in mid-April 2002.
Antiviral companies often chide users for not updating their antivirus
software, but some experts said Klez proves that repeating stern update
warnings ad nauseam isn't going to solve the problem.
"When all you can think to do is hector people who obviously don't listen
about updating, you have a psychological problem," said George Smith, a
virus researcher and columnist for SecurityFocus. "Shouting at people who,
for one reason or another, cannot hear you is mentally-ill behavior -- or
evidence of idiots in command."
Smith also accused the antivirus industry of being co-dependent, "needing
things from people, things it cannot have -- like constant attention in the
form of hourly AV updates."
Not too long ago, a monthly update for new virus definitions was considered
a decent way to protect systems from e-mail viruses. Then users were
advised to update once a week. Now some companies suggest far more frequent
updates, even advising that systems should be set to check for updates hourly.
"Updating your antivirus software only once a week is like brushing your
teeth only once a week -- it only gives you the minimum protection and
could lead to painful consequences in the future," said Graham Cluley,
senior technology consultant at Sophos Anti-Virus. "Hundreds of new viruses
are discovered every month and some can spread internationally in no time
at all."
But some, like Rob Rosenberger of antivirus information site Vmyths, said
such frequent updating is nothing more than an addictive panacea.
Rosenberger believes that in most cases updating desktop AV daily or even
weekly offers only slightly more protection over updating monthly.
He also took the industry to task for not doing enough to develop proactive
antivirus applications that battle viruses by looking for the kinds of
antisocial behaviors that are a hallmark of malicious code, rather than by
relying on incessant virus updates.
Meanwhile, Klez will continue to make the rounds because, according to
Smith, the virus works reasonably well, is easy to modify and there are
always more people coming online or failing to protect themselves.
"Never underestimate the accidental efficiency of a viral design," Smith said.
"The daily infection pool right now is so great for Klez that the
likelihood of it to decrease any time soon is not likely," agreed Steven
Sundermeier, product manager at Central Command. "This large infection pool
does not currently exist with older viruses."
Frustration with Klez has led some in the antivirus industry to wonder
exactly how many people it takes to keep Klez in circulation -- a few
thousand? A couple of hundred? A dozen? One lone infected dimwit?
It appears that just one e-mail user could keep Klez going into infinity,
as long as that person has friends, said Chris Wraight, a product manager
at Sophos.
"A single infected machine and a user with a large e-mail address book
could keep Klez in circulation forever," Wraight said.
"It only takes one user that is not up-to-speed on security practices, with
an Internet connection, an e-mail account and a few stored e-mail addresses
for the Klez mushroom effect to take place," said Central Command's
Sundermeier.
Smith said Klez underscores the scorn that some have for those who get
infected by such viruses.
"The keepers of the Net are snobs," Smith said. "Code Reds are a worldwide
disaster; but Klezes are the fault of techno-bumpkins too stupid to update
their antivirus."
And it's not unwashed Net masses who are to blame for Klez, Smith said.
Any other product with features that allow it to transmit flaws to its
peers worldwide would have been driven from the marketplace or sued out of
existence long ago, Smith argued. The prevalence of Klez should have shaken
up a stagnant AV and software industry, but so far it hasn't seemed to
spark any changes.
"Human perversity on the network will always ensure Klez or something like
it is always around," Smith said. "It's one of technology's lasting gifts."
http://www.wired.com/news/print/0,1294,57895,00.html