Posted on 26-4-2002
Klez
Computer Virus
W32/KLEZ.H, email carried virus is a "blended threat," combining
elements
of a virus, which infects machines, and a worm, which transports
itself
from machine to machine. It also tries to disable some antivirus
programs.
It's hard to spot as it changes e-mail subject line, message
and name of
the attachment at random, drawing from a database that includes,
for
example, such subject lines as "Hello, honey," and "A very funny
website."
The program has grown increasingly common as users unknowingly
activate it
— sometimes without even opening the e-mail attachment that
carries the
virus — and allow it to send copies of itself to those in the
victim's
e-mail address file. The rapid spread of the program caused
Symantec and
McAfee.com , two prominent computer protection companies, to
upgrade their
warnings about it in recent days; Symantec said on its Web site
that it now
considered the program a "category 4" risk, its second-highest
ranking.
The program can also grab files randomly from victims' hard
drives and send
them out, but it does little damage to the machines themselves,
antivirus
companies said. Microsoft has had patches available to fix these
problems
for more than a year, but many people do not keep their software
up to
date, said Vincent Weafer, the director of research at Symantec
Security
Response.
Although most antivirus software programs already provided protection
against the Klez family, the new variant has enough new wrinkles
to trick
some of the digital sentries. The latest versions of software
have been
updated to block the worm, and the companies offer free online
tools to
cleanse infected machines.
|