By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Mark Toshack, virus analyst at MessageLabs, told CW360.Com, "It has been very difficult to identify Klez.H. Every time it arrives in an e-mail inbox it contains a random address sender and e-mail payload."
Toshack warned that no anti-virus company would be able to pre-warn users of what to expect as it was impossible to identify the attachment filename.
At 4pm on Friday, Toshack said MessageLabs had stopped 47,602 e-mails containing Klez.H viruses.
"One in every 77 e-mails sent through our MessageLabs service was a Klez.H virus," he said. This virus has been more rampant than Sircam, one of the longest-running virus attacks on the Net.
Once executed, the Klez.H worm searches the Windows address book compiling a database of contacts. It uses its own mail engine to sends an e-mail message to these addresses with itself as an attachment.
MessageLabs said the worm tries to hide its presence by filling in the "From" field in the e-mail it sends with an e-mail contact address taken from the infected computer which, it said, makes it harder to trace.
Anti-virus experts warned users that Klez.H could overwhelm e-mail servers and lock up e-mail systems. This version of the worm does not delete files, experts said.