Let Klez be a lesson to you
Thread poster: Evert DELOOF-SYS

Evert DELOOF-SYS (Belgium, English to Dutch)
Apr 30, 2002

By Edward Hurley, Assistant News Editor

30 Apr 2002, SearchSecurity

Klez's reign appears to be waning, though users should still be cautious of unsolicited e-mails, security experts said.

For more than 10 days, variants of the Klez worm have infected thousands of systems around the world. Some carried payloads capable of destroying executable files. Discerning the messages carrying the malicious code wasn't easy as it used randomly generated subject lines and attachment names.

A survey by Panda Software quantifies the rate of infection. Panda said its research found that 7.2% of computers in the world are infected with the worm. Symantec had about 14,000 submissions of the virus by Friday, including 500 from corporate customers. By far, the worm is responsible for the biggest outbreak this year.

Lessons learned

Users can learn a few lessons from Klez.H. For starters, the worm highlighted the need to keep antivirus definitions updated. All the major antivirus software vendors had updated their signature files well before the worm took off. The worm generated random subject lines and messages, unlike "ILOVEYOU" or "Anna Kournikova," making good antivirus protection very important, said Steve Trilling, senior director of research at Symantec's Security Response.

Users should also keep on top of patching software. Klez's spread, in part, can be traced to the way it exploited a flaw in Outlook that would execute the malicious code by viewing it through the Preview Pane. Symantec advises users to be proactive in their patching.

"A lot of people will only install a patch to solve a problem they are having," Trilling said.

Finally, e-mail users need to be cautious about opening attachments even if they come from people they know. As Klez.H shows, one can't always trust that an e-mail comes from the person who it appears to. Such trust with opening attachments is a cultural point that will have to change, Trilling said.

Trust no one

Klez is capable of harvesting e-mail addresses from the cached Web pages and files of infected systems. Messages may appear to come from a friend, when in fact they come from an infected system belonging to someone who has your friend's e-mail address.

Over time, people will become more suspicious of unsolicited e-mails with attachments, much as they would be cautious with a strange package that arrives, Trilling added.

"Imagine you were walking down a street. Someone comes up and says they are from the World Health Organization and offers you a pill saying you will never be sick again if you take it. No one would swallow the pill," Trilling said.

Reasons abound for why Klez seemed to gain ground to an extent that no other virus has this year. For starters, the worm took advantage of a common flaw in Microsoft Outlook. Users with the vulnerable e-mail application could infect their systems simply by viewing the message through the Preview Pane or opening the e-mail. In other words, one wouldn't have to double-click on the attachment to execute it.

The worm also targets antivirus software files, so this could also account for Klez's spread, said Patrick Hinojosa, CTO of Panda Software. Some versions of the worm carried the Elkern virus, malicious code that targets files with the names of the major antivirus companies.

Klez.H is also effective in harvesting e-mail addresses from infected machines. Besides pillaging the Microsoft address book and the ICQ database, the worm searched for e-mail addresses in a host of files including documents, text files and even cached Web pages. As a result, the worm can send out a barrage of e-mails from one infected machine using its own SMTP engine.

Each e-mail sent has a randomly selected subject line and name for the attachment carrying the worm. The lines use a variety of subject lines, from promises of pictures of the sender's girlfriend to patches.

One reason why Klez.H spread so much could be employees accessing home e-mail accounts from work, said Chris Rouland, director of Internet Security Systems (ISS) research team, X-Force. Such activity is another "attack vector" for malicious code as it bypasses most companies' security features.

Blocking Web-based e-mail accounts would be "very Draconian," Rouland admits. But companies could easily set up a way to temporarily block access when a major worm like Klez.H is making its way around.


http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci820435,00.html
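The article's two lessons about Klez, that the From: address is whatever the worm wrote into it and that the payload travels as an executable attachment, are what a mail gateway can actually check. The following Python script is an added example, not code from the article or from any vendor named in it; the message, host names and extension list are constructed for illustration.

```python
import email
import email.utils
from email import policy

# Constructed list of attachment extensions a gateway treats as executable; Klez
# randomised its file names, so the extension is what a filter can key on.
EXECUTABLE_EXTS = (".exe", ".pif", ".scr", ".bat", ".com")

# Constructed sample: From: names a friend, but Return-Path and the receiving
# MTA's Received: line point at the host that delivered the mail directly.
SAMPLE = b"""Return-Path: <someone@infected-host.example>
Received: from infected-host.example ([192.0.2.10]) by mx.example.org with ESMTP
From: "A Friend" <friend@example.net>
Subject: a funny website
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Have a look at this.
--b1
Content-Type: application/octet-stream; name="website.exe"
Content-Disposition: attachment; filename="website.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""


def domain_of(header_value) -> str:
    """Lower-cased domain of the first address in a header value ('' if none)."""
    return email.utils.parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def triage(raw_message: bytes) -> dict:
    """Facts a gateway should act on. From: is whatever the sender wrote (a worm
    fills it with a harvested address); Return-Path is set by the receiving MTA,
    so a mismatch is a signal, while an executable attachment is decisive."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    from_domain = domain_of(msg.get("From", ""))
    envelope_domain = domain_of(msg.get("Return-Path", ""))
    names = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]
    executables = [n for n in names if n.lower().endswith(EXECUTABLE_EXTS)]
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "sender_mismatch": bool(envelope_domain) and envelope_domain != from_domain,
        "executable_attachments": executables,
        "quarantine": bool(executables),
    }
```

Running `triage(SAMPLE)` flags the sender mismatch and quarantines the message on the executable attachment alone, which is the point: the friendly From: line earns the mail nothing.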

ttagir (English to Russian)
I alerted on the matter some weeks ago... Apr 30, 2002

Dear all!

I placed a couple of postings (one in Russian) on Forum pages several weeks ago. Thanks to all who read and downloaded AVP - perhaps the most powerful tool against Inet viri.

As one can know, that "new" Klez (there are several versions of this rather dangerous worm) now is crawling over our PCs(...

Please note that the most reliable tool to kill it (and its relatives as well) can be found on the site

http://www.avp.ru

(Kaspersky AV Laboratory). They have a special utility to kill "Klezes" definitely: file named clrav.com (about 77KB). Read indications on the site in English!

AVP's homepage has an English interface as well. So, you can easily download the FREE antiviral tool against Klezes (and some other wormin' Inet viri)!

Good luck to all in your fight! Seriously!

Yours,

Tagir.


