Posted on 26-4-2002

Klez Computer Virus

W32/KLEZ.H, an e-mail-borne virus, is a "blended threat," combining elements
of a virus, which infects machines, and a worm, which transports itself
from machine to machine. It also tries to disable some antivirus programs.

It's hard to spot because it changes the e-mail subject line, message and
name of the attachment at random, drawing from a database that includes, for
example, such subject lines as "Hello, honey," and "A very funny website."

The program has grown increasingly common as users unknowingly activate it
— sometimes without even opening the e-mail attachment that carries the
virus — and allow it to send copies of itself to those in the victim's
e-mail address file. The rapid spread of the program caused Symantec and
McAfee.com, two prominent computer protection companies, to upgrade their
warnings about it in recent days; Symantec said on its Web site that it now
considered the program a "category 4" risk, its second-highest ranking.

The program can also grab files randomly from victims' hard drives and send
them out, but it does little damage to the machines themselves, antivirus
companies said. Microsoft has had patches available to fix these problems
for more than a year, but many people do not keep their software up to
date, said Vincent Weafer, the director of research at Symantec Security
Response.

Although most antivirus software programs already provided protection
against the Klez family, the new variant has enough new wrinkles to trick
some of the digital sentries. The latest versions of software have been
updated to block the worm, and the companies offer free online tools to
cleanse infected machines.