Virus Top 10: Klez still can't be shaken

[Skippy]

Klez has claimed a remarkable thirteenth month in the top 10 list of most frequently occurring viruses - raising concerns about the vigilance of IT managers and administrators charged with updating their company's anti-virus software.

For the full story visit: Silcon

[Hardboy]

Is this me, or is this virus Yet-Another-Made-In-VB-Virus-And-Is-Only-Spread-Because-People-Use-MSOutlook ??

[odin]

Yup, and cos ppl dont use their virus scanners.

[DanDude]

Haha, I'm still using my Amiga for emails!

[Elektro]

Or eat chicken soup.

[Waccoon]

Hardboy:  Is this me, or is this virus Yet-Another-Made-In-VB-Virus-And-Is-Only-Spread-Because-People-Use-MSOutlook ??

Not as far as I know.  I get this virus e-mailed to me five times a day, and it doesn't cause any major warnings, VB scripting, or ActiveX requests in Outlook Express.  After two years of no problems, I finally bought Norton Antivirus just to be safe, and found no viruses on my computer.  I've never gotten a virus just by downloading mail from my mail server, although I heard that it can happen.

Mostly, it's just the same old crap:  people being stupid and running executable files they get in their mail.  Actually, Klez spreads itself as a PIF, but it is really an executable.  PIFs are Program Information Files, and are normally links to executables.  You still have to "run" it to get the virus.

What really ticks me off is that Klez spoofs the "From" address, so the address that shows up in the "From" line might not be from the computer that sent the e-mail.  Klez is a real pain

BTW, what does Klez *DO*?

[csirac_]

Klez is a mass mailer, as you have observed, it spreads, infects other files, corrupts files and ultimately causes much system instability. I'm sure I've seen klez ultimately it destroy data on customer's HDDs; When it is finally triggered to be destructive, you get a colourful screen spewing garbage ascii on bootup and it basically sits there corrupting your drive, I think, but this is from symantec (there are many varients of Klez, this is one of them):

"Payload: This worm infects executables, by creating a hidden copy of the original host file, and then by overwriting the original file with itself. The hidden copy is encrypted, but contains no viral data. The name of the hidden file is the same as the original file, but with a random extension.

    * Large scale e-mailing: This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment.
    * Releases confidential info: Worm randomly chooses a file from the machine to send with the worm to recipients. So, the files with the extensions: ".mp8", ".txt", ".htm", ".html", ".wab", ".asp", ".doc", ".rtf", ".xls", ".jpg", ".cpp", ".pas", ".mpg", ".mpeg", ".bak", ".mp3", or ".pdf" would be attached to the email messages with the viral attachment."

[System]

For those of U that uses Amiga, your have nothing to fear. This is an PC/Windows virus. There is NO way that it can infect an Amiga