 

Win32/Klez.E


Win32/Klez.E is a worm that spreads as a file attachment to email messages.  The subject of the message, the name of the attached file (but not its extension), and the body of the message are random.
The worm exploits a security vulnerability found in various versions of Microsoft Outlook and Outlook Express.  A description of the vulnerability can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp.  On computers where the vulnerability has not been patched, the worm may be activated merely by displaying the message overview.
Once activated, the worm copies itself as the file Wink*.exe into the SYSTEM (Windows 9x/ME) or SYSTEM32 (Windows NT/XP/2000) subdirectory of the operating system directory.  In place of the "*" character, the filename contains 2 or 3 lowercase letters.  To ensure that it is activated after a system restart, the worm creates a key in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
The worm tries to deactivate the resident anti-virus programs Norton Antivirus, Scan, Antivir, Sophos Antivirus, AVP/KAV, F-Secure, F-PROT, NOD32 and PC-cillin.  It may delete files containing the checksums of specific anti-virus programs.
The worm can spread on local computer networks as an EXE file with a doubled extension, or as a RAR archive containing the worm with a doubled extension.
The worm obtains the addresses to which it sends its copies from WAB files and from the list of ICQ users.  The file attached to a message sent by the worm has the extension PIF, SCR, EXE or BAT.  The name of the file is randomly generated.
The worm creates the virus Win32/ElKern.B on the disk.  On the 6th day of odd months it overwrites files on disk with random data.
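
A defender-side check for the persistence and file-name indicators described above, added here as an example and not part of the original entry. It takes Run-key values exported as a name-to-command mapping and flags those that launch a Wink*.exe file from SYSTEM or SYSTEM32, and it separately flags EXE names with a doubled extension. The function names, the sample value names and paths, and the doubled-extension heuristic are all assumptions constructed for illustration.

```python
import ntpath
import re

# Name pattern from the description: "Wink" + 2 or 3 letters + ".exe".
# Matched case-insensitively because Windows file names are case-insensitive.
WINK_NAME = re.compile(r"^wink[a-z]{2,3}\.exe$", re.IGNORECASE)
SYSTEM_DIRS = {"system", "system32"}  # Windows 9x/ME and NT/XP/2000
# Heuristic (assumption): any short extension followed by ".exe".
DOUBLE_EXT = re.compile(r"^.+\.[a-z0-9]{1,4}\.exe$", re.IGNORECASE)


def executable_of(command):
    """Return the program path from a Run value's command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def is_wink_drop(path):
    """True if path names Wink??.exe or Wink???.exe directly in SYSTEM/SYSTEM32."""
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    return parent in SYSTEM_DIRS and bool(WINK_NAME.match(ntpath.basename(path)))


def suspicious_run_values(run_values):
    """Sorted names of Run values whose command launches a Wink*.exe drop."""
    return sorted(name for name, cmd in run_values.items()
                  if is_wink_drop(executable_of(cmd)))


def doubled_extension_files(names):
    """File names (or paths) ending in a doubled extension such as .txt.exe."""
    return [n for n in names if DOUBLE_EXT.match(ntpath.basename(n))]


# Constructed sample export of HKLM\...\CurrentVersion\Run (not real data).
SAMPLE_RUN = {
    "Winkab": r"C:\WINDOWS\SYSTEM\Winkab.exe",
    "Winkxyz": r'"C:\WINNT\system32\Winkxyz.exe" -q',
    "SystemTray": "SysTray.Exe",
    "WrongDir": r'"C:\Program Files\Tools\Winkab.exe"',
    "TooLong": r"C:\WINDOWS\SYSTEM32\Winkabcd.exe",
}

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_RUN))
    print(doubled_extension_files(["notes.txt.exe", "setup.exe"]))
```

A name match alone is not proof of infection; treat a hit as a reason to scan the referenced file.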



PROTECT YOUR COMPUTER!
ESET's NOD32 antivirus software provides comprehensive, easy-to-use, and affordable protection from today's and tomorrow's threats. We put the malware expert inside the software, so you don't have to become one.
