ElectricNews.net:News:Klez threat continues

ADS & MARKETING

APPOINTMENTS

BUSINESS

E-COMMERCE

HOME & GADGETS

INTERNET & TELECOMS

INVESTMENT

MARKETS

OPINION

ROUNDUPS

SECURITY

WIRELESS

CORRECTIONS

Let us know how to make ENN better!
Take our reader's survey.

Who wants multimedia messaging?
I'm talking mobile again, but this time it's a question of how/if the public are going to be able to access the new services being planned by the mobile manufacturers and the networks.

The following e-mail will be sent on your behalf.

 has sent the following story to you from ElectricNews.net.

The story is available from https://electricnews.net/news.html?code=7326034

Klez threat continues 
Monday, April 29 2002
by Matthew Clark


The computer worm known as Klez is continuing to wreak havoc on some computer
systems, as another version of the bug has been discovered. 

Klez, a self-propagating e-mail worm, was first discovered in October 2001 and
shortly after it was discovered, e-security firms quickly developed new codes for
blocking the bug. But in the last few weeks new strains of the worm have emerged,
and the latest strain came out of Asia last week, infecting some computer systems
in the US and Europe. The latest incarnation of Klez is called "Klez.K," or
"Klez.H."



Klez.K spreads in a number of ways but its primary method of transport is through
e-mail. Like other mass-mail worms, Klez multiplies by sending itself to everyone
in a victim's Outlook e-mail program after an infected attachment is opened.
Infected e-mails have varying text and subject lines, and even varying sender
names, making the worm all the more difficult to detect. 



Klez.K can also spread through shared file systems or it can infect Microsoft
Explorer files and can use them to spread further.  Another insidious ability
of the worm it its capacity to delete or disable anti-virus programs, opening up
infected computers to barrage of viral assaults form other bugs in cyberspace. 



"This one can do some nasty things...it can generate e-mails from any address
it wants and one of the messages its runs appears to be from an anti-virus
company and says 'If you run this programme you will be protected from Klez,' or
something to that effect," explained Conor Flynn, technical director with
e-security company Rits in Dublin. 







The latest variation of the nine Klez worms contains the Elkern-C bug, "which
is especially nasty," said Flynn.  "Elkern deletes files on PC including
executable files which can shutdown anti-virus programmes and is quite
complicated to get rid of."





Late last week, e-security firm Symantec upgraded Klez to a "level 4" threat,
demonstrating its increasing danger. Previously Klez was rated level three by
Symantec on a scale of one to five. McAfee continues to rate Klez as a "medium"
threat on a scale of low, medium and high.



Importantly, Symantec says it is receiving as many 3,000 submissions a day over
Klez, compared to 1,500 submissions for the dangerous SirCam virus. Furthermore
the company said that the bulk of reported infections are coming from home and
small office users, with only around five percent of all the submissions from
corporate systems. 



The latest version of Klez is being described as slow-spreading but its ability
to continue to spread in the face of preventative measures is what is concerning
anti-virus firms the most. The bug is decidedly not as severe a threat as Code
Red or Nimda, but it is thought to be the most severe e-security problem users
are facing currently.