News

Check your systems: Virus set to strike today

Antivirus firms F-Secure and Central Command have warned users that the Klez.e worm, which can delete files, halt security programs and spread itself when an infected e-mail is opened, is set to trigger today (Wednesday 6 March).

Users are urged to update antivirus definitions and scan their machines as soon as possible.

The Klez.e worm is much like any other self-propagating worm, in that it harvests e-mail addresses from the Windows address book of infected machines and sends itself to addresses listed there, according to F-Secure.

Unlike some other worms, Klez.e also grabs addresses from the chat program ICQ and appears in inboxes with multiple subject lines. Among the subject lines Klez.e uses are "how are you," "let's be friends," "your password," "some questions" and "congratulations," F-Secure said in its alert. The worm even masquerades as a virus alert, the company said.

The worm is automatically executed when an infected message is opened, according to F-Secure, and infected messages are then sent using an SMTP engine built into Klez.e. Infected messages do not necessarily have an attachment to open - spreading the worm can occur simply by opening an infected e-mail.

When Klez.e infects a PC, it installs itself into the registry, infects executable files and kills the tasks launched by security programs running on the PC. Programs targeted include those offered by Symantec, Network Associates, F-Secure, Sophos and Trend Micro. The worm also disables these programs by removing the autostart components, F-Secure said.

The worm has an even more damaging payload, however, that is activated when a certain combination of dates occurs, according to F-Secure. On the sixth day of odd-numbered months (January, March, May, July, September, November) the worm attempts to overwrite all files on the infected PC which have the extensions .txt, .htm, .html, .wab, .doc, .xls, .jpg, .cpp, .c, .pas, .mpg, .mpeg, .bak and .mp3.

Klez.e has been active in various forms since late 2001.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy