Mark Toshack, virus analyst at MessageLabs, told CW360.Com, "It has been very difficult to identify Klez.H. Every time it arrives in an e-mail inbox it contains a random address sender and e-mail payload."
Toshack warned that no anti-virus company would be able to pre-warn users of what to expect as it was impossible to identify the attachment filename.
At 4pm on Friday, Toshack said MessageLabs had stopped 47,602 e-mails containing Klez.H viruses.
"One in every 77 e-mails sent through our MessageLabs service was a Klez.H virus," he said. This virus has been more rampant than Sircam, one of the longest-running virus attacks on the Net.
Once executed, the Klez.H worm searches the Windows address book compiling a database of contacts. It uses its own mail engine to sends an e-mail message to these addresses with itself as an attachment.
MessageLabs said the worm tries to hide its presence by filling in the "From" field in the e-mail it sends with an e-mail contact address taken from the infected computer which, it said, makes it harder to trace.
Anti-virus experts warned users that Klez.H could overwhelm e-mail servers and lock up e-mail systems. This version of the worm does not delete files, experts said.