DialogueScience News

 

Klez: e-mail worm and virus bundled together

DialogueScience specialists have lately noticed increased activity of new versions of the Klez e-mail worm. The virus was first discovered in November 2001. The specific feature of the Klez worm (Win32.HLLM.Klez) is that, apart from everything else, it also carries the Win32.Klez virus as a payload. The virus is carried inside the worm in packed form.

The worm spreads by sending copies of itself via e-mail and, upon getting inside a new system, installs the virus in it. From that moment the worm and the virus go their separate ways: the worm keeps spreading by sending copies of itself to e-mail addresses from the Windows Address Book, while the virus starts infecting program files on the local drives as well as those located in accessible network folders.

The letters sent out by the Win32.HLLM.Klez worm exploit one of the comparatively well-known MS Internet Explorer vulnerabilities, which may allow the worm to launch automatically when a letter is merely opened in the MS Outlook or MS Outlook Express clients. Microsoft has already issued a patch for its vulnerable software; you can find all the details on the web page

http://www.microsoft.com/technet/security/bulletin/MS01-027.asp

The letter subject is randomly picked out by the worm from the following list:

The worm itself is added to the letter as an e-mail attachment with a random name and .PIF, .SCR, .EXE or .BAT extension.
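One way a mail gateway or mailbox scan could flag messages matching the attachment pattern described above, shown as an added example that is not part of the original advisory or of any Doctor Web product. The function names and the sample message are constructed for illustration, and the check goes slightly beyond the text by also catching mixed case, double extensions and trailing dots.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions named in the advisory above.
RISKY_EXTENSIONS = (".pif", ".scr", ".exe", ".bat")

def is_risky_name(filename):
    """True if the attachment name ends in one of the listed extensions."""
    # Compare case-insensitively; Windows drops trailing dots and spaces
    # from file names, so "a.bat." is saved as "a.bat".
    normalized = filename.strip().rstrip(". ").lower()
    return normalized.endswith(RISKY_EXTENSIONS)

def risky_attachments(raw_message):
    """Return the names of all MIME parts that carry a risky file name."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # visits nested multiparts as well
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        name = part.get_filename()
        if name and is_risky_name(name):
            hits.append(name)
    return hits

def build_sample():
    """Constructed test message: one harmless and two risky attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Body text.")
    for name in ("report.txt", "Setup.PIF", "photo.jpg.scr"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return bytes(msg)

if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```

A match on the file name is only a triage signal; the attachment content still has to be scanned by the anti-virus engine.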

Doctor Web's virus databases were regularly updated with new versions of these worms and viruses as they appeared. Namely, the latest version of this virus was included in regular virus database update No. 4 for program version 4.27. We take this opportunity to once again warn users to exercise caution and to keep SpIDer Guard activated at all times to block malicious programs and viruses from accessing their computers, and, of course, to update the Doctor Web virus databases on their computers regularly, preferably daily.

January 29, 2002
DialogueScience Information Service
E-mail: antivir@DIALS.ru
http://www.antivir.ru

Copyright © 2002 DialogueScience, Inc., Moscow, Russia. All rights reserved.