New Klez.G Email Worm Targets Outlook, Express

By eSecurity Planet staff

Virus watchers are issuing warnings about a new variant of the Worm/Klez.E mass mailing worm that allows an email attachment to be executed by merely viewing the email message in un-patched versions of Microsoft Outlook Express or Outlook.

Worm/Klez.G was discovered on April 17, according to the anti-virus software vendor Central Command. In one 24-hour period late last week, infection reports rose over 325%, the company said.

Symantec and TrendMicro likewise rate the worm and its variants, which include [email protected], as a medium risk, or a 3 on a scale of 1-5, because the worm is highly prevalent in the wild.

The worm contains its own SMTP email engine, enabling it to send out email messages, with itself as an attachment, to users listed in the address books of targeted systems. It also searches local files for email addresses.

Worm/Klez.G searches hard disks on infected systems and randomly attaches a file to each email it sends, thus potentially releasing confidential information from infected users.

The worm uses a number of different subject lines, including: Fw: A nice game, Re: A WinXP patch, Re: Good removal tools, Fw: A humour website, how are you, For more information, please visit.

Microsoft has issued a patch that will protect users against the vulnerability the worm exploits. The patch is available here.

For more information on W32/Klez variants, see the CERT/Coordination Center Web site.

Top Products

Related articles