Warning: Klez.E worm activates the 6th

Discussion in 'malware problems & news' started by Paul Wilders, Mar 5, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Jul 1, 2001
    The Netherlands
    the Klez.E email worm will activate destructively tomorrow, on 6th of month. Klez.E is among the ten most common viruses wordwide.

    Klez.E was originally found in January 2002. It has been getting steadily more common over the last weeks and by now it has become one of the most common viruses in USA, Europe and Asia.

    Klez.E activates on every 6th of the month, but the activations in January and February 2002 were causing relatively small damage. Situation is now more serious.

    Klez.E is a very complex virus. It sends itself via e-mail using a wide variety of different messages, including messages which look like virus warnings. Sometimes Klez fakes the e-mail sender, making it look like an
    innocent bystander has been spreading the virus. Klez.E also fights against various anti-virus products, trying to delete them.

    In addition, the e-mail attachments sent by Klez can execute automatically on some systems, causing infection by just reading or viewing an infected e-mail message.

    "Klez.E activation routine is destructive", comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure. "It overwrites data files such as Word DOC files, Excel XLS files, MP3 music files, website HTML contents
    and ASCII text files. Even worse, it does this not only on the infected machine but also in the local network. One infected PC with write access can overwrite data companywide".

    The Klez virus family is apparently written by a single virus writer somewhere in Asia, as they contain texts such as "made in Asia", "Well paid jobs are wanted", "I want a good job, I must support my parents", and "I want a salary of $5500 a month".

    some screen shots:



    Thus: take care!


  2. wizard

    wizard Registered Member

    Feb 9, 2002
    Europe - Germany - Duesseldorf
    Kaspersky has a free removal tool for this virus.


Thread Status:
Not open for further replies.