ENN - Electric News.net
Free e-mail alerts & newsletter - Sign up here
Free e-mail alerts & newsletter - Sign up here
Edit your alerts
News
   CORRECTIONS
Survey
Let us know how to make ENN better!
Take our reader's survey.
 
Sex, profits and video games
Soon Santa will be coming to town with a bag full of video games, but it's not just children who are wishing for the latest electronic titles.
More here

 

::SECURITY

Klez threat continues
Monday, April 29 2002
by Matthew Clark

Send story to a friend
Print this story
The computer worm known as Klez is continuing to wreak havoc on some computer systems, as another version of the bug has been discovered.

Klez, a self-propagating e-mail worm, was first discovered in October 2001 and shortly after it was discovered, e-security firms quickly developed new codes for blocking the bug. But in the last few weeks new strains of the worm have emerged, and the latest strain came out of Asia last week, infecting some computer systems in the US and Europe. The latest incarnation of Klez is called "Klez.K," or "Klez.H."

Klez.K spreads in a number of ways but its primary method of transport is through e-mail. Like other mass-mail worms, Klez multiplies by sending itself to everyone in a victim's Outlook e-mail program after an infected attachment is opened. Infected e-mails have varying text and subject lines, and even varying sender names, making the worm all the more difficult to detect.

Klez.K can also spread through shared file systems or it can infect Microsoft Explorer files and can use them to spread further. Another insidious ability of the worm it its capacity to delete or disable anti-virus programs, opening up infected computers to barrage of viral assaults form other bugs in cyberspace.

"This one can do some nasty things...it can generate e-mails from any address it wants and one of the messages its runs appears to be from an anti-virus company and says 'If you run this programme you will be protected from Klez,' or something to that effect," explained Conor Flynn, technical director with e-security company Rits in Dublin.

The latest variation of the nine Klez worms contains the Elkern-C bug, "which is especially nasty," said Flynn. "Elkern deletes files on PC including executable files which can shutdown anti-virus programmes and is quite complicated to get rid of."

Late last week, e-security firm Symantec upgraded Klez to a "level 4" threat, demonstrating its increasing danger. Previously Klez was rated level three by Symantec on a scale of one to five. McAfee continues to rate Klez as a "medium" threat on a scale of low, medium and high.

Importantly, Symantec says it is receiving as many 3,000 submissions a day over Klez, compared to 1,500 submissions for the dangerous SirCam virus. Furthermore the company said that the bulk of reported infections are coming from home and small office users, with only around five percent of all the submissions from corporate systems.

The latest version of Klez is being described as slow-spreading but its ability to continue to spread in the face of preventative measures is what is concerning anti-virus firms the most. The bug is decidedly not as severe a threat as Code Red or Nimda, but it is thought to be the most severe e-security problem users are facing currently.

:: Discuss this story - Click here

:: MORE NEWS from SECURITY

Search

Jobs
UTV Internet - all Ireland flat rate internet access

The Digital Media Directory from DMI

Aztech

Powered by The CIA

 

© Copyright ElectricNews.Net Ltd 1999-2002.