|
Klez, a self-propagating e-mail worm, was first discovered in October 2001 and shortly after it was discovered, e-security firms quickly developed new codes for blocking the bug. But in the last few weeks new strains of the worm have emerged, and the latest strain came out of Asia last week, infecting some computer systems in the US and Europe. The latest incarnation of Klez is called "Klez.K," or "Klez.H."
Klez.K spreads in a number of ways but its primary method of transport is through e-mail. Like other mass-mail worms, Klez multiplies by sending itself to everyone in a victim's Outlook e-mail program after an infected attachment is opened. Infected e-mails have varying text and subject lines, and even varying sender names, making the worm all the more difficult to detect.
Klez.K can also spread through shared file systems or it can infect Microsoft Explorer files and can use them to spread further. Another insidious ability of the worm it its capacity to delete or disable anti-virus programs, opening up infected computers to barrage of viral assaults form other bugs in cyberspace.
"This one can do some nasty things...it can generate e-mails from any address it wants and one of the messages its runs appears to be from an anti-virus company and says 'If you run this programme you will be protected from Klez,' or something to that effect," explained Conor Flynn, technical director with e-security company Rits in Dublin.
The latest variation of the nine Klez worms contains the Elkern-C bug, "which is especially nasty," said Flynn. "Elkern deletes files on PC including executable files which can shutdown anti-virus programmes and is quite complicated to get rid of."
Late last week, e-security firm Symantec upgraded Klez to a "level 4" threat, demonstrating its increasing danger. Previously Klez was rated level three by Symantec on a scale of one to five. McAfee continues to rate Klez as a "medium" threat on a scale of low, medium and high.
Importantly, Symantec says it is receiving as many 3,000 submissions a day over Klez, compared to 1,500 submissions for the dangerous SirCam virus. Furthermore the company said that the bulk of reported infections are coming from home and small office users, with only around five percent of all the submissions from corporate systems.
The latest version of Klez is being described as slow-spreading but its ability to continue to spread in the face of preventative measures is what is concerning anti-virus firms the most. The bug is decidedly not as severe a threat as Code Red or Nimda, but it is thought to be the most severe e-security problem users are facing currently.
|
