Infiltration of the Klez Virus
By Damon Marturion
New Business News Staff Writer
The Klez virus is the largest, most successful virus deployment to date.
Let us consider the following scenario:
You are the system administrator for a business that has its own dot-com address. All of a sudden you are getting a flood of non-deliverable email messages from a variety of sources, indicating that your server is sending a mass emailing to what could be thousands of recipients.
Your first inclination is that your system may be infected with a worm virus that is using your system's resources to deploy itself to the masses. So you run a virus check on your system. Hmm... No virus.
Next you check your activity logs to see if there has been a heavy drain on your email system's resources. Hmmm... Comes up normal. So you assume that all is well, and it is... then the other shoe drops:
Now you're getting returned email from other system administrators that states that your emails were not delivered to their intended recipient, because your message was infected with the Klez virus.
Yet, you didn't send those emails... and if that wasn't enough, now you're getting email from persons unknown saying something to the effect of:
Thanks for infecting my computer with the Klez virus, you jerk. Stop sending me emails with your virus!
What actually happened?
This is the brilliance behind the Klez virus. Once it infects a machine, it scans the user's email inbox and randomly selects an email identity. In the aforementioned scenario, your business was the lucky selection.
Now, disguising itself as your business, it sends emails with randomly generated subject lines to all the email addresses found on the infected machine.
Questions: What to do? What can you do? Answer: Nothing, really. The person with the infected machine is unaware that it is distributing itself, using your (or someone else's) email identity. This is the cleverness behind this obnoxious virus, which is really more of an email worm than a virus. It will not destroy an infected machine.
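The forgery described above can be confirmed from the headers of a bounced or complained-about message: every relay prepends a Received: line, so the earliest hop shows which host actually injected the message, and for a Klez-infected PC that is the infected machine rather than your mail server. The following Python script is an added example, not code from the article or from any vendor; the domain, netblock, hostnames, addresses and sample headers are all constructed.

```python
"""Added example (not from the article): confirm a Klez-style forged sender
from mail headers.

Each relay prepends a Received: header, so the last Received: line is the
earliest hop, the host that first handed the message to SMTP. If a message
claims to be From: your domain but that first hop is not one of your
outbound mail servers, the sender address was forged. Domain, netblock,
hostnames and IPs below are constructed sample data.
"""
import email
import email.utils
import re
from ipaddress import ip_address, ip_network
from typing import Optional

OUR_DOMAIN = "example.com"                      # constructed
LEGIT_MTA_NETS = [ip_network("192.0.2.0/24")]   # constructed: our real outbound MTAs

# Matches the bracketed IP literal a receiving MTA records for its peer.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed: original headers as returned to postmaster in a bounce. The
# earliest hop is a consumer dial-up host, not one of our servers.
FORGED_SAMPLE = """\
Received: from mx1.partner.invalid (mx1.partner.invalid [198.51.100.7])
\tby mail.example.com (Postfix) with ESMTP id 1A2B3C
\tfor <postmaster@example.com>; Mon, 22 Apr 2002 09:14:02 -0400
Received: from pc-home (dialup-44.isp.invalid [203.0.113.44])
\tby mx1.partner.invalid (8.11.6/8.11.6) with SMTP id g3MD91
\tfor <someone@partner.invalid>; Mon, 22 Apr 2002 09:13:55 -0400
From: sales@example.com
To: someone@partner.invalid
Subject: a funny game

(body omitted)
"""

# Constructed: a message that genuinely left our outbound MTA.
GENUINE_SAMPLE = """\
Received: from smtp-out.example.com (smtp-out.example.com [192.0.2.10])
\tby mx1.partner.invalid (8.11.6/8.11.6) with ESMTP id g3MD92
\tfor <someone@partner.invalid>; Mon, 22 Apr 2002 09:20:11 -0400
From: sales@example.com
To: someone@partner.invalid
Subject: April invoice

(body omitted)
"""


def injecting_host(raw_message: str) -> Optional[str]:
    """Return the peer IP recorded in the earliest Received: header.

    Received: headers are listed newest-first, so the last one was added by
    the first relay and names the host that injected the message.
    """
    msg = email.message_from_string(raw_message)
    hops = msg.get_all("Received") or []
    if not hops:
        return None
    match = IP_RE.search(hops[-1])
    return match.group(1) if match else None


def sent_from_our_mta(raw_message: str) -> bool:
    """True if the injecting host lies inside our legitimate MTA netblocks."""
    ip = injecting_host(raw_message)
    if ip is None:
        return False
    addr = ip_address(ip)
    return any(addr in net for net in LEGIT_MTA_NETS)


def classify(raw_message: str) -> str:
    """Label a message as genuine, forged-sender, or not claiming our domain."""
    msg = email.message_from_string(raw_message)
    sender = email.utils.parseaddr(msg.get("From", ""))[1].lower()
    if not sender.endswith("@" + OUR_DOMAIN):
        return "not-our-sender"
    return "genuine" if sent_from_our_mta(raw_message) else "forged-sender"


if __name__ == "__main__":
    for label, sample in (("bounce", FORGED_SAMPLE), ("invoice", GENUINE_SAMPLE)):
        print(label, injecting_host(sample), classify(sample))
```

Only the Received: line added by the first relay outside the sender's control can be trusted; anything below it in the chain could itself have been forged by the sending host. The check is therefore evidence for the reply you send to the complaining administrator, not something that stops the flood, which, as the article says, originates on a machine you do not control.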
If your machine is infected, what can you do? Here is where you can actually do something to remedy the matter: virus watchdog Symantec (the makers of Norton AntiVirus) has a free removal tool available at http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html to rid most infected machines of the virus.
Many variants of the virus have been deployed. The messages and attachments have been cloaked in many variations, from "Click here for Klez removal tool" to random characters and subject lines taken from the infected machine's own mailbox. A message seems more credible when it appears to come from someone you know personally and carries a familiar subject line.
The W32.Klez.H@mm worm, currently topping the lists of most widespread malware, has a destructive new twist. Antivirus vendors have received samples of Klez transporting the more dangerous W95.CIH.1049 virus, which can permanently damage computers. Mass-mailer Klez.H sends messages to all recipients that it finds on an infected user's computer, leading to clogged mail servers and extensive cleanup time, though Klez.H itself carries no destructive payload.
Copyright 2001 by New Business News.
All rights reserved.