Random worm threatens your systems


Random worm threatens your systems

Cliff Saran
A mutating variant of the Klez.H virus could cause severe disruption to IT systems according to anti virus-vendor MessageLabs after a dramatic increase in the number of attacks.

Mark Toshack, virus analyst at MessageLabs, told CW360.Com, "It has been very difficult to identify Klez.H. Every time it arrives in an e-mail inbox it contains a random address sender and e-mail payload."

Toshack warned that no anti-virus company would be able to pre-warn users of what to expect as it was impossible to identify the attachment filename.

At 4pm on Friday, Toshack said MessageLabs had stopped 47,602 e-mails containing Klez.H viruses.

"One in every 77 e-mails sent through our MessageLabs service was a Klez.H virus," he said. This virus has been more rampant than Sircam, one of the longest-running virus attacks on the Net.

Once executed, the Klez.H worm searches the Windows address book compiling a database of contacts. It uses its own mail engine to sends an e-mail message to these addresses with itself as an attachment.

MessageLabs said the worm tries to hide its presence by filling in the "From" field in the e-mail it sends with an e-mail contact address taken from the infected computer which, it said, makes it harder to trace.

Anti-virus experts warned users that Klez.H could overwhelm e-mail servers and lock up e-mail systems. This version of the worm does not delete files, experts said.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy