Random worm threatens your systems

A mutating variant of the Klez.H virus could cause severe disruption to IT systems according to anti virus-vendor MessageLabs...

A mutating variant of the Klez.H virus could cause severe disruption to IT systems according to anti virus-vendor MessageLabs after a dramatic increase in the number of attacks.

Mark Toshack, virus analyst at MessageLabs, told CW360.Com, "It has been very difficult to identify Klez.H. Every time it arrives in an e-mail inbox it contains a random address sender and e-mail payload."

Toshack warned that no anti-virus company would be able to pre-warn users of what to expect as it was impossible to identify the attachment filename.

At 4pm on Friday, Toshack said MessageLabs had stopped 47,602 e-mails containing Klez.H viruses.

"One in every 77 e-mails sent through our MessageLabs service was a Klez.H virus," he said. This virus has been more rampant than Sircam, one of the longest-running virus attacks on the Net.

Once executed, the Klez.H worm searches the Windows address book compiling a database of contacts. It uses its own mail engine to sends an e-mail message to these addresses with itself as an attachment.

MessageLabs said the worm tries to hide its presence by filling in the "From" field in the e-mail it sends with an e-mail contact address taken from the infected computer which, it said, makes it harder to trace.

Anti-virus experts warned users that Klez.H could overwhelm e-mail servers and lock up e-mail systems. This version of the worm does not delete files, experts said.

Read more on IT risk management

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close