Skip to main content /TECH with IDG.net
CNN.com /TECH
MAIN PAGE
WORLD
U.S.
WEATHER
BUSINESS
SPORTS
POLITICS
LAW
SCI-TECH
SPACE
HEALTH
ENTERTAINMENT
TRAVEL
EDUCATION
IN-DEPTH

VIDEO
LOCAL
CNN NEWSWATCH
E-MAIL SERVICES
CNNtoGO
ABOUT US/HELP

CNN TV
what's on
show transcripts
CNN Headline News
CNN International
askCNN

EDITIONS
CNN.com Asia
CNN.com Europe
CNNenEspanol.com
CNNArabic.com
set your edition





'Klez' worm variant: Moderate threat

Apparently can spread more widely than earlier versions

From...
 Computerworld
graphic

By Jaikumar Vijayan

(IDG) -- A new variant of a worm that takes advantage of vulnerabilities in unpatched Microsoft's Internet Explorer and Outlook Express software is spreading in the wild, and antivirus vendors have placed its threat to a category 3 (of a possible 5).

The mass-mailing Win32.Klez.H@mm worm is a variant of the "Klez" worm that was first reported in October. Like its predecessors, the new version propagates through e-mail and attempts to copy itself through files that can be shared over a network. The worm uses random subject lines, the text within a message and attachment file names to try to get users to launch it.

Once launched, the worm copies itself to all addresses in the Windows address book and attempts to disable any antivirus software and processes that may be installed on a system.

IDG.net INFOCENTER
IDG.net
Visit an IDG site


IDG.net search



When the Klez.H attachment is opened, it also will often drop a copy of a virus called W32.Elkern, which infects files that can be shared over a network and mapped drives and can cause systems to crash if activated.

What's new with Klez.H is its apparent ability to spread more widely, said Sharon Ruckman, director of Symantec's security response team.

The subject lines and message bodies, for instance, have been expanded and made even more random than previous versions, she said. The virus also seems to have been designed to stop or disable a greater range of antivirus tools than older versions. In addition, the Elkern virus it carries has been modified to do more damage, Ruckman said.

Companies that are currently patched with the latest antivirus software should be protected against the virus, she said. Symantec is rating the virus as a "medium" risk.
 
 
 
 


RELATED STORIES:
• Analysts argue that virus alerts lack standards
March 12, 2002
• Product: SecurityFocus's ARIS Predictor
October 14, 2001
• Concern raised over virus warnings
August 1, 2001
• Internet worm disguised as security alert
July 17, 2001

RELATED IDG.net STORIES:
• Klez.e worm threat appears to be contained
(Computerworld)
• Antivirus firms warn of file deletions
(ITWorld.com)
• Tricky worm can spread via AIM, IRC
(PCWorld.com)
• ISS: Worms overtake DoS as top attacks in 2002
(IDG.net)
• Malware's destructive appetite grows
(Computerworld)
• Clinton e-mail worm attempts to delete files
(Computerworld)
• New e-mail worm can select native language for recipients
(Computerworld)
• Symantec warns of blended security threats
(PCWorld.com)

RELATED SITES:
• Symantec's official Klez.H advisory

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


TECHNOLOGY TOP STORIES:
• Report: SUVs pose danger to cars
• New telemarketer tool trumps TeleZapper
• Terra Lycos logs $2.2B loss
• AOL to offer song downloads
• Microsoft seeks fiscal fountain of youth

(More)

 Search   

Back to the top
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.