XBlock By Actiance - Home
Someone Spying on You? Fight Back!
Currently Notice: Undefined variable: incprefix in /data/www/xblock/product_show.php on line 123 25,860,543 Spy Software Busted!
Full Name:
Klez Worm
Type: Worm
Danger Level: 8
Category Description: Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.

Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
Comment: Worm that uses a bug in Internet Explorer and Outlook to automatically forward itself.
Very dangerous!

Running infected files causes the worm to reconstruct the uninfected host file using saved data. Such reconstructed files will have "~1" appended to the name (ex., infected MSOFFICE.EXE will be accompanied by an uninfected MSOFFI~1.EXE). The worm deletes them as soon as the program stops running so they exist only temporarily.

W32/Klez.e@MM sends itself out using SMTP protocol. It harvests the Windows address book for email addresses.

The virus may save a copy of itself into .RAR archives.

There is a date-activated payload associated with this threat. On the 6th day of March, May, September, or November, the virus may overwrite local and network files containing the following extensions with zeros: .txt, .htm, .html, .wab, .doc, .xls, .jpg, .cpp, .c, .pas, .mpg, .mpeg, .bak, or .mp3.

If the month is January or July, all files may be overwritten.

Back to the list of products removed by X-Cleaner

© Copyright 2003-2011, Actiance, Inc. All rights reserved.   Privacy Policy