Klez
Klez is a
A number of variants of the worm exist.The virus (Klez) itself is a
Klez infects
The e-mail through which the worm spreads always includes a text portion and one or more attachments. The text portion consists of either an HTML internal frame tag which causes buggy e-mail clients to automatically execute the worm, or a few lines of text that attempt to induce the recipient to execute the worm by opening the attachment (sometimes by claiming that the attachment is a patch from Microsoft; sometimes by claiming that the attachment is an antidote for the Klez worm). The first attachment is always the worm, whose internals vary.
Once the worm is executed, either automatically by the buggy HTML engine or manually by a user, it searches for addresses to send itself to. When it sends itself out, it may attach a file from the infected machine, leading to possible privacy breaches.
Later variants of the worm would use a false From address, picking an e-mail address at random from the infected machine's Outlook or Outlook Express address book, making it impossible for casual observers to determine which machine is infected, and making it difficult for experts to determine anything more than the infected machine's Internet Service Provider.
See also
- Timeline of computer viruses and worms
- Comparison of computer viruses
- Computer viruses
References
- ^ a b "What is the KLEZ virus? – GMS". Retrieved 2024-04-30.
- ^ a b "Worm:W32/Klez | F-Secure Labs". www.f-secure.com. Retrieved 2024-04-30.
External links
- Anti-virus provider F-Secure Klez information
- Anti-virus provider Trend Micro Klez information
- Anti-virus provider Symantec Klez information
- AUSCERT External Security Bulletin, ESB-2001.456, "Malicious software report W32/KLEZ", 29 October 2001. Archived 2006-08-20 at the Wayback Machine