It steals and sends out confidential information, drops the Elkern.C virus, kills processes and deletes files.
Affected platforms: Windows XP/2000/NT/ME/98/95
First detected on: April 17, 2002
Detection updated on: Oct. 31, 2007
Statistics: No
Proactive protection: Yes, using TruPrevent Technologies
Family: KLEZ
Brief Description
Klez.I is a worm that reaches computers in an e-mail message with a variable subject.
It is very easy to become infected by this worm, as it is automatically activated when the message is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer (versions 5.01 and 5.5), which allows e-mail attachments to be automatically run.
Klez.I is very dangerous because:
It automatically and rapidly spreads to all the contacts in Outlook's Address Book.
It camouflages itself by changing the sender and subject of the messages it sends out.
It selects files (which could contain confidential information) at random from the affected computer and sends them to third parties.
It deletes certain files.
It drops the W32/Elkern.C virus on the affected computer.
Visible Symptoms
Klez.I is difficult to recognize, as it reaches the computer in an e-mail message with variable characteristics. The most common subjects are:
A powful tool
Worm Klez.E immunity
A funny website
Klez.I is characterized by its ability to modify the subjects of the messages it sends out. This makes it particularly difficult to identify the worm as it reaches the computer via e-mail. In order to generate the subjects, it uses the following:
Words included in its code.
Texts found in files on the affected computer.
For more information, consult the section Means of transmission.