Klez
The Klez worm takes advantage of a MIME header vulnerability to execute automatically on systems running unpatched Microsoft® Internet Explorer 5.01 and 5.5. Users of these versions should either patch their browsers or make sure the settings for their mail client do not allow file downloads. Tips for securing your mail client can be found in the Email Help Center.
The Klez worm copies itself to the root directories of local and network drives under a random name with a double extension, such as .TXT.EXE.
The Elkern virus dropped by Klez is a low-polymorphic cavity infector with network spreading capabilities. Elkern doesn't work on any operating system except Windows 98 due to bugs in its code.
F-Secure has created a special utility to disinfect both the Klez worm and the Elkern virus. The utility is available for download from ftp://ftp.europe.f-secure.com/anti-virus/tools/fsklez.exe.
See also: Klez.E worm
Aliases: ElKern, Klaz, Kletz, I-Worm.Klez, W32.Klez
Type: mass-mailing dropper
Systems Affected: Windows 32-bit systems
Payload: drops a polymorphic EXE virus called ElKern
ITW: Yes
Origin: Asia
Description: According to F-Secure, Klez is a mass-mailer worm which drops a polymorphic EXE virus called ElKern. The e-mails sent by Klez can carry a wide variety of subject lines, such as:
Hi
Hello
How are you?
Can you help me?
We want peace
Where will you go?
Congratulations!!!
Don't cry
Look at the pretty
Some advice on your shortcoming
Free XXX Pictures
A free hot porn site
Why don't you reply to me?
How about have dinner with me together?
Never kiss a stranger
Analysis performed by F-Secure indicates that the message body contains no text and that the attachment name is random.
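The traits described in this entry (a subject from the list above, an empty body, an attachment, and dropped files with a double extension such as .TXT.EXE) can be combined into a simple mail and file-name triage check. The Python below is an added example, not part of the original entry or an F-Secure tool; the function names, the set of extensions treated as executable, and both sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from pathlib import PurePath

# Subject lines listed in the entry above, lower-cased for comparison.
KLEZ_SUBJECTS = {
    "hi", "hello", "how are you?", "can you help me?", "we want peace",
    "where will you go?", "congratulations!!!", "don't cry",
    "look at the pretty", "some advice on your shortcoming",
    "free xxx pictures", "a free hot porn site", "why don't you reply to me?",
    "how about have dinner with me together?", "never kiss a stranger",
}
# Assumption: extensions treated as executable; the entry itself names only .EXE.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}

def has_double_extension(filename):
    """True for names such as NOTES.TXT.EXE (executable suffix behind another)."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS

def klez_indicators(raw_message):
    """List which traits described in the entry appear in one raw message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() in KLEZ_SUBJECTS:
        hits.append("known-subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("empty-body")
    if next(msg.iter_attachments(), None) is not None:
        hits.append("has-attachment")
    return hits

# Constructed samples (not captured traffic); boundary and file name are made up.
SUSPECT = """\
Subject: How are you?
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"


--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="qzxvk.exe"

AAAA
--b1--
"""
BENIGN = "Subject: Meeting notes\n\nSee you at 10.\n"
```

Each trait is weak on its own (many legitimate messages say "Hello"), so a filter would quarantine only when all three message indicators coincide.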

