'Klez' worm variant: Moderate threat
Apparently can spread more widely than earlier versions
By Jaikumar Vijayan
(IDG) -- A new variant of a worm that takes advantage of vulnerabilities in unpatched versions of Microsoft's Internet Explorer and Outlook Express software is spreading in the wild, and antivirus vendors have rated its threat a category 3 (of a possible 5).
The mass-mailing Win32.Klez.H@mm worm is a variant of the "Klez" worm that was first reported in October. Like its predecessors, the new version propagates through e-mail and attempts to copy itself through files that can be shared over a network. The worm uses random subject lines, the text within a message and attachment file names to try to get users to launch it.
Once launched, the worm copies itself to all addresses in the Windows address book and attempts to disable any antivirus software and processes that may be installed on a system.
When the Klez.H attachment is opened, it also will often drop a copy of a virus called W32.Elkern, which infects files that can be shared over a network and mapped drives and can cause systems to crash if activated.
What's new with Klez.H is its apparent ability to spread more widely, said Sharon Ruckman, director of Symantec's security response team.
The subject lines and message bodies, for instance, have been expanded and made even more random than in previous versions, she said. The virus also seems to have been designed to stop or disable a greater range of antivirus tools than older versions. In addition, the Elkern virus it carries has been modified to do more damage, Ruckman said.
Companies that are currently patched with the latest antivirus software should be protected against the virus, she said. Symantec is rating the virus as a "medium" risk.