Klez storms monthly virus charts

Klutzes infected by virus variants

By John Leyden, 30th April 2002

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Variants of the Klez worm were by far the most common viruses circulating on the Internet this month.

That's according to monthly statistics from managed services firm MessageLabs, which stopped 422,507 viruses in April, way up on the 161,904 it blocked in March, after a mercifully quiet start to the year in terms of virus infections. MessageLabs reports that virus infection rates are currently running at around one per 265 emails, which compares to one in 30 infected emails at the heights of the Goner and Love Bug epidemics.

Antivirus vendors such as Symantec have recently upgraded the threat level posed by Klez, but the worm is more accurately described as the latest high-profile virus rather than one of the most damaging.

In the last four weeks MessageLabs blocked 251,171 emails infected with Klez-H, with 40,239 SirCam infection-bearing emails stopped, and Klez-E (37,831) also featuring prominently in its monthly chart.

Klez is a mass-mailing worm that searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages.

The subject and attachment name of incoming emails is randomly chosen, making it harder for users to spot. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr. Klez is capable of infecting files.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found here. ®

Top ten viruses blocked by MessageLabs in April