WS>>Nasty new "W32/KLEZ.H" worm thrashes Microsoft Outlook users

carl william spitzer iv cwsiv_2nd at JUNO.COM
Mon May 27 13:49:09 MDT 2002


          By JOHN SCHWARTZ

           rogue  computer program that is the online  equivalent
     of  a quick-change artist is infecting computers around  the
     world via e-mail and clogging computer networks.

          The program, W32/KLEZ.H, is a "blended threat," combin-
     ing elements of a virus, which infects machines, and a worm,
     which  transports  itself from machine to machine.  It  also
     tries to disable some antivirus programs.

          It makes itself hard for users to spot by changing  its
     e-mail  subject line, message and name of the attachment  at
     random, drawing from a database that includes, for  example,
     such  subject  lines as "Hello, honey," and  "A  very  funny
     website."

          The  program  has grown increasingly  common  as  users
     unknowingly  activate it sometimes without even opening  the
     e-mail  attachment  that carries the virus and allow  it  to
     send  copies of itself to those in the victim's  e-mail  ad-
     dress file.

          "It is exploding," said Keith Peer, chief executive  of
     Central Command, a computer security company.

          The  rapid  spread of the program caused  Symantec  and
     McAfee.com, two prominent computer protection companies,  to
     upgrade  their  warnings about it in recent  days;  Symantec
     said  on its Web site that it now considered the  program  a
     "category 4" risk, its second-highest ranking.

          The  program  exploits  vulnerable  spots  in  computer
     programs,  most  notably a problem in  earlier  versions  of
     Microsoft's  mail  programs, Outlook  and  Outlook  Express,
     which allows some types of computer programs to be activated
     even if they are in the "preview pane."

          The program can also grab files randomly from  victims'
     hard drives and send them out, but it does little damage  to
     the machines themselves, antivirus companies said.

          Microsoft has had patches available to fix these  prob-
     lems for more than a year, but many people do not keep their
     software  up to date, said Vincent Weafer, the  director  of
     research at Symantec Security Response.

          Although  most  antivirus  software  programs   already
     provided protection against the Klez family, the new variant
     has  enough new wrinkles to trick some of the  digital  sen-
     tries. The latest versions of software have been updated  to
     block the worm, and the companies offer free online tools to
     cleanse infected machines.

http://www.nytimes.com


________________________________________________________________
GET INTERNET ACCESS FROM JUNO!
Juno offers FREE or PREMIUM Internet access for less!
Join Juno today!  For your FREE software, visit:
http://dl.www.juno.com/get/web/.



More information about the Rushtalk mailing list