
'Klez' worm variant: Moderate threat

Apparently can spread more widely than earlier versions


By Jaikumar Vijayan

(IDG) -- A new variant of a worm that takes advantage of vulnerabilities in unpatched Microsoft Internet Explorer and Outlook Express software is spreading in the wild, and antivirus vendors have rated its threat at category 3 (of a possible 5).

The mass-mailing Win32.Klez.H@mm worm is a variant of the "Klez" worm that was first reported in October. Like its predecessors, the new version propagates through e-mail and attempts to copy itself through files that can be shared over a network. The worm uses random subject lines, the text within a message and attachment file names to try to get users to launch it.

Once launched, the worm copies itself to all addresses in the Windows address book and attempts to disable any antivirus software and processes that may be installed on a system.

When the Klez.H attachment is opened, it also will often drop a copy of a virus called W32.Elkern, which infects files that can be shared over a network and mapped drives and can cause systems to crash if activated.

What's new with Klez.H is its apparent ability to spread more widely, said Sharon Ruckman, director of Symantec's security response team.

The subject lines and message bodies, for instance, have been expanded and made even more random than in previous versions, she said. The virus also seems to have been designed to stop or disable a greater range of antivirus tools than older versions. In addition, the Elkern virus it carries has been modified to do more damage, Ruckman said.

Companies that are currently patched with the latest antivirus software should be protected against the virus, she said. Symantec is rating the virus as a "medium" risk.

