Forum: Poser - OFFICIAL


Subject: VIRUS WARNING - Emails from Sams3d

caleb68 opened this issue on Jul 11, 2002 · 97 posts


terminusnord posted Fri, 12 July 2002 at 12:36 PM

I see these long threads in every major message board, and I wonder which is worse, the people who start them or the tens of know-it-alls who suddenly think they are networking/virus gurus who have the definitive explanation of what really happened.

There are posts in this thread from Genny, hogwarden, lyrra, ronknights and others that are making statements about Klez.H that are neither true nor helpful. While I don't agree with caleb68's approach in instantly making this a public issue, his intentions were at least honorable. I cannot say the same for the intentions of the people that then attacked him, armed only with what little they know about how email worms work (which clearly isn't much in the case of the aforementioned folks). What is the motivation of non-technical people to so openly display their ignorance?

Assuming caleb68 did not maliciously create those headers he posted (and I don't believe he did) he is correct about where his copy of the worm came from--from Sharen. The Klez worm is not server-based and it is not sophisticated enough to fake the header information he posted. Every copy of Klez.h that I have received has had the correct and true source IP address in the headers--only the "From:" field is spoofed, which is enough to fool most people. The rest of the header is an accurate account of the email routing. In fact, the rest of the email routing header information is added to the email as the message propagates the net. The Klez worm executes ONLY on the infected end-user Windoze machine, and it DOES NOT have any effect on the servers that hop the mail and add the headers (Sorry Lyrra, I don't know who told you otherwise, but you're flat out wrong).

I've also examined the headers of numerous emails from people who claim I sent them the Klez. My email address was in the "from" field surely enough, but none of the other routing information matched my computer, which is a Unix-based Macintosh BTW, not even capable of executing Klez's code.


I was especially moved by Ron Knights telling caleb68 to "shut up" with his "faulty knowledge". The irony of this had me doubled over with laughter. From a debate standpoint, when you have reduced someone's defense solely to "shut up" and profanities, you have won!

-Adam
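
The header comparison described in the post above, as an added example that is not part of the original thread: it reads the Received lines in travel order and checks whether the first recorded hop matches an address the "From:" sender is known to use. The sample message, its hostnames and IPs, and the `known_ips` input are constructed for illustration, and the Received lines are assumed to be unforged, as the post says is the case for Klez.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: documentation-range IPs and example.* domains only.
SAMPLE = """\
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id A1; Fri, 12 Jul 2002 10:02:11 -0700
Received: from Fqkx (dialup-17.isp.example [203.0.113.17])
\tby smtp.isp.example with SMTP id B2; Fri, 12 Jul 2002 10:02:05 -0700
From: alice@sender.example
To: bob@recipient.example
Subject: A very funny website

body
"""

# The receiving server records the connecting peer's IP in square brackets.
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def routing_path(raw):
    """Return the recorded peer IPs in travel order (first hop first)."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the oldest is last.
    for header in reversed(msg.get_all("Received", [])):
        match = IP_IN_BRACKETS.search(header)
        if match:
            hops.append(match.group(1))
    return hops

def check_claimed_sender(raw, known_ips):
    """Compare the From: address with the first recorded hop.

    known_ips (assumed input): IPs the claimed sender actually mails from.
    """
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    path = routing_path(raw)
    origin = path[0] if path else None
    return {"claimed_from": claimed, "origin_ip": origin,
            "consistent": origin in known_ips}

if __name__ == "__main__":
    # alice is assumed to send only from 192.0.2.44, so this copy is spoofed.
    print(check_claimed_sender(SAMPLE, {"192.0.2.44"}))
```
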