Zia Askari
HYDERABAD: A new Internet worm that spreads by propagating itself through
mailboxes has struck several Internet savvy people in Hyderabad. Originating in
the US, the worm called W23/Klez mass-mails itself to everyone listed in the
address book of e-mail users.
The worm is exploiting a gap in the Microsoft outlook program. Before
propagating itself the worm drops another file- infecting worm - the W95/Elkern.cav.c-
this file infects the existing 'exe' files in the system, be it Windows 95/98,
ME or XP. It is also found that this worm affects the home segment the most.
According to Sophos, a UK based anti-virus Protection Company, the most
recent manifestation of the Klez worm is a variant known as Klez-H. Although
this has infected a number of companies Sophos users have been protected since
February 7th 2002 - when the company issued protection against an earlier
variant known as Klez-G.
The worm is approximately 90kb in size and can spoof the 'from' field often
set to an address on the victim's machine. What makes it more powerful is the
fact that the worm is also capable of mailing itself to addresses extracted from
various files of the victim's system. It arrives with an email message whose
subject can be 'hello honey', 'editor of a PC magazine' or a very funny
website'.
The worm generates a random file attachment with 'exe', 'scr', 'pif', or
'bat' extension. Opening or viewing the attachments results in the infection of
the systems. Sophos, has reassured its customers that if they have kept their
anti-virus software up-to-date they are already protected against the latest
variant of the destructive Klez worm. Besides corrupting files, the worm can
leak important or confidential data in the hard disk to its originator.
However the company has warned of a new variant of Klez (known as Klez.H,
I-Worm/Klez.H or W32.Klez.H@mm) spreading across the Internet, but users of
Sophos Anti-Virus have been protected against the new variant since 7 February
2002. It is believed that this deadly virus has infected more than 77,900
computer systems in more than 150 countries including India.
Sophos is strongly focused on the corporate marketplace where its vision,
commitment to research and development and rigorous attention to quality have
taken it from strength to strength. Sophos's increasingly rapid growth
internationally is reflected in a user base of well over ten million and
revenues which soared by more than 50 per cent in the year 2000-2001. The
company's products are sold and supported in over 150 countries through a global
network of subsidiaries and partners. It is a privately owned company, with
headquarters in the UK. It has subsidiaries and branch offices in the USA,
Australia, France, Germany, Italy, Japan and Singapore.