Klez is a mass-mailing email worm first discovered in January of 2002. The worm uses random subject lines, message bodies, and attachment file names. The attachment will have one of the following extensions: .bat, .exe, .pif or .scr. You should not open unknown attachments. It searches the Windows address book for email addresses and sends messages to all recipients that it finds. The worm uses its own SMTP engine to send the messages.

The worm component contains a hidden message aimed at anti-virus researchers. Most e-mail clients will not show this message. Opening or even just previewing these emails can execute the worm, overwriting files and creating hidden copies of the originals. Depending on the variant, the worm will drop one of the following viruses, which will then infect the system: W32.Elkern.3326, W32.Elkern.3587, or W32.Elkern.4926.

You may receive return messages claiming that your computer is infected when it is not, because the worm uses "email spoofing". On an infected computer, it sends out infected attachments and sets the "From" value of each email to an address that it has found in the infected computer's address book. The email therefore appears to come from that person.

If you receive such a message, make sure that you are using the most current version of your virus protection software and virus definition files, and do a full scan of your system. If the virus is not found, you need not worry.
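As an added illustration (not part of the original writeup), the following Python sketch shows how a mail filter could flag attachments carrying the extensions listed above, whatever the subject line or "From" value says. The function name `risky_attachments` and the sample message are constructed for this example.

```python
import os
from email import message_from_string, policy

# Extensions the page lists for Klez attachments.
KLEZ_EXTENSIONS = {".bat", ".exe", ".pif", ".scr"}

def risky_attachments(raw_message):
    """Return filenames of MIME parts whose final extension is on the list."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition, else Content-Type name
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so drop them first, then
        # compare only the last extension, case-insensitively, so that a
        # name like "holiday.jpg.PIF" is still caught.
        cleaned = name.strip().rstrip(". ")
        if os.path.splitext(cleaned)[1].lower() in KLEZ_EXTENSIONS:
            hits.append(name)
    # The From header is deliberately not consulted: the worm forges it.
    return hits

# Constructed sample message (not a real capture).
SAMPLE = """\
From: friend@example.com
To: user@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

hello
--BOUND
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

plain notes
--BOUND
Content-Type: application/octet-stream; name="holiday.jpg.PIF"
Content-Disposition: attachment; filename="holiday.jpg.PIF"
Content-Transfer-Encoding: base64

AAAA
--BOUND--
"""

if __name__ == "__main__":
    print(risky_attachments(SAMPLE))
```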
