[711] in resnet
Wanted: Information on Klez Infections
daemon@ATHENA.MIT.EDU (Mike Smith)
Fri Jan 25 21:52:14 2002
Message-ID: <5.1.0.14.0.20020125210007.02919ae0@post.queensu.ca>
Date: Fri, 25 Jan 2002 21:46:03 -0500
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Mike Smith <smithm@POST.QUEENSU.CA>
To: RESNET-L@listserv.nd.edu

I'm looking to share information on Klez experiences. In short, Klez has
proven widespread and damaging at Queen's. Symantec is behaving as though
we are uniquely affected. That does not make sense to me but if it is true
I need to find out what we are doing wrong.

I'd really like two things from anybody who has the time to reply:

1. Where does Klez fit on a scale of 1 to 10 at your institution? 1 being
   Definitely not a problem. 10 being Klez has been a nightmare.
2. What AV software do you run?

The answers for Queen's are 10 and Norton AntiVirus Corporate Edition 7.60.

At Queen's, Klez has proven much wider spread and more destructive than
predicted by our AV vendor, Symantec. Our environment includes perhaps
15,000 PCs, "unmanaged" in Symantec's words. We have a site license for
NAV CE and though there are no doubt many machines that are not protected I
would judge that 10,000 or more have NAV 7.51 or 7.60 installed. I would
not predict how many of those machines had the latest virus definitions but
the point is moot: NAV did not detect the infection until almost a week
after we first saw it appear.

I think a conservative estimate is that 100 machines have been wiped out by
Klez this week. Symantec and indeed other AV vendors don't seem to think
it is a big deal. We freely admit that we don't understand how it works
but cleaning it seems almost impossible.

Thanks for your attention. It has been a very long week.

Mike Smith
Information Technology Services
Queen's University
(613) 533-2024
smithm@post.queensu.ca