The latest variant of the Klez virus (strictly a mass-mailing worm), detected only last week (April 17, 2002), has reached notorious proportions in a very short span of time, causing large-scale destruction and mayhem in the e-mail community. Symantec (Norton AntiVirus) was quick to raise its threat rating from level 2 to level 3 within a week!
Like many of its predecessors, Klez arrives as an e-mail attachment. Unlike its predecessors, however, the e-mail is disguised as a friendly tip or warning from someone YOU REGULARLY RECEIVE MAIL FROM.
This does not mean that the apparent sender's computer is infected. The worm forges the From: address: from the infected computer's Inbox, Outbox, Address Book or ICQ database it picks an address that is unlikely to raise suspicion in the recipient's mind. The message really comes from the infected machine, not from the person named in the From: line.
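To see the consequence of this forging in practice, here is an added Python example (not part of the original article and not Symantec's material) that inspects a constructed Klez-style message; the addresses, host names and Received: lines in it are made up. It reads the From: address, walks the Received: chain down to the hop that actually injected the message, and flags the sender as probably forged when the From: domain does not appear in the host that the first relay itself recorded.

```python
import email
import email.utils
import re

# Constructed sample, not a captured Klez message. The From: line carries an
# address the worm harvested on the infected machine (an innocent third party);
# the Received: lines were written by the relays and show the real entry point.
SAMPLE_KLEZ_STYLE_MESSAGE = """\
Received: from mx.example-receiver.net (mx.example-receiver.net [192.0.2.10])
    by mail.infobanc.example (Postfix) with ESMTP id 1A2B3C
    for <amit@infobanc.example>; Thu, 25 Apr 2002 10:14:02 +0530
Received: from worldbank.example (dialup-203-0-113-77.example-isp.net [203.0.113.77])
    by mx.example-receiver.net with SMTP id 7F8E9D;
    Thu, 25 Apr 2002 10:13:40 +0530
From: helpdesk@worldbank.example
To: amit@infobanc.example
Subject: a very useful tool
Content-Type: text/plain

A very useful tool, try it.
"""

# "from <HELO name> (<reverse DNS> [<IP>])" as most MTAs write it. The HELO
# name is supplied by the sending machine and can be forged as well; the part
# in parentheses is what the receiving relay itself observed.
RECEIVED_FROM = re.compile(r"\bfrom\s+(\S+)\s*\(([^)]*)\)", re.IGNORECASE)


def received_hops(raw):
    """Return (helo_name, relay_observed) per Received: header, newest first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = RECEIVED_FROM.search(" ".join(value.split()))
        if match:
            hops.append((match.group(1), match.group(2)))
    return hops


def originating_hop(raw):
    """Received: headers are prepended as mail travels, so the last one is the first hop."""
    hops = received_hops(raw)
    return hops[-1] if hops else None


def from_domain(raw):
    """Domain part of the (possibly forged) From: address, lower-cased."""
    msg = email.message_from_string(raw)
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def sender_looks_forged(raw):
    """True when the From: domain is absent from the host the first relay saw.
    A triage flag, not proof: legitimate mail sent through a third-party relay
    fails this test too, but a Klez message almost always does."""
    hop = originating_hop(raw)
    if hop is None:
        return False
    domain = from_domain(raw)
    return bool(domain) and domain not in hop[1].lower()


if __name__ == "__main__":
    print("From: domain   :", from_domain(SAMPLE_KLEZ_STYLE_MESSAGE))
    print("injected by    :", originating_hop(SAMPLE_KLEZ_STYLE_MESSAGE))
    print("sender forged? :", sender_looks_forged(SAMPLE_KLEZ_STYLE_MESSAGE))
```

The check deliberately ignores the HELO name (the first group in the regex) because the infected machine chooses it; only the reverse DNS and IP that the relay wrote down are trustworthy, and even those only as far as the first relay you trust.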
We have received e-mails laced with Klez that appeared to come from sources as varied and dependable as the World Bank, Yahoo, and even helpdesk@del1.vsnl.net.in!
So if you receive an e-mail from infobanc with a file attachment, DELETE IT IMMEDIATELY! We never send e-mail with a file attachment without the recipient's prior permission.
HOW TO DETECT THE VIRUS
Symantec (http://www.symantec.com) has published detailed information on how to recognise e-mails carrying Klez. The e-mail will have one or two file attachments and a Subject line like one of the following:
- Undeliverable mail--"[Random word]"
- Returned mail--"[Random word]" (e.g. Returned mail--"honey")
- a [Random word] [Random word] game (e.g. A special excite game)
- a [Random word] [Random word] tool (e.g. A very useful tool)
- a [Random word] [Random word] website (e.g. A very funny website)
- a [Random word] [Random word] patch (e.g. A IE 6.0 patch)
- [Random word] removal tools
- how are you
- let's be friends
- darling
- so cool a flash,enjoy it
- your password
- honey
- some questions
- please try again
- welcome to my hometown
- the Garden of Eden
- introduction on ADSL
- meeting notice
- questionnaire
- congratulations
- sos!
- japanese girl VS playboy
- look,my beautiful girl friend
- eager to see you
- spice girls' vocal concert
- japanese lass' sexy pictures
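The templates above translate directly into a subject-line filter. The following Python is an added example, not code from the article or from Symantec, and the subject lines it is run against are constructed. It turns each "[Random word]" placeholder into a one-word wildcard, tolerates any spacing between words and matches case-insensitively, so "A IE 6.0 patch" and "Meeting notice" both match while "Your password has been reset" does not, because each pattern is anchored to the whole line.

```python
import re

# Subject templates from the Symantec list quoted above. "[Random word]" marks
# a word the worm fills in at random.
KLEZ_SUBJECT_TEMPLATES = [
    'Undeliverable mail--"[Random word]"',
    'Returned mail--"[Random word]"',
    "a [Random word] [Random word] game",
    "a [Random word] [Random word] tool",
    "a [Random word] [Random word] website",
    "a [Random word] [Random word] patch",
    "[Random word] removal tools",
    "how are you",
    "let's be friends",
    "darling",
    "so cool a flash,enjoy it",
    "your password",
    "honey",
    "some questions",
    "please try again",
    "welcome to my hometown",
    "the Garden of Eden",
    "introduction on ADSL",
    "meeting notice",
    "questionnaire",
    "congratulations",
    "sos!",
    "japanese girl VS playboy",
    "look,my beautiful girl friend",
    "eager to see you",
    "spice girls' vocal concert",
    "japanese lass' sexy pictures",
]

PLACEHOLDER = "[Random word]"


def template_to_regex(template):
    """Escape the literal text, replace each placeholder with a one-word
    wildcard, allow any run of whitespace between words, and anchor the
    pattern to the whole line. Matching is case-insensitive."""
    pattern = re.escape(template)
    pattern = pattern.replace(re.escape(PLACEHOLDER), r'[^\s"]+')
    pattern = pattern.replace(re.escape(" "), r"\s+")
    return re.compile(r"^\s*" + pattern + r"\s*$", re.IGNORECASE)


KLEZ_SUBJECT_PATTERNS = [(t, template_to_regex(t)) for t in KLEZ_SUBJECT_TEMPLATES]


def matches_klez_subject(subject):
    """Return the template the subject matches, or None."""
    for template, pattern in KLEZ_SUBJECT_PATTERNS:
        if pattern.match(subject):
            return template
    return None


def triage_subjects(subjects):
    """Partition subject lines into (suspicious, clean), preserving order."""
    suspicious, clean = [], []
    for subject in subjects:
        (suspicious if matches_klez_subject(subject) else clean).append(subject)
    return suspicious, clean


# Constructed sample subjects, not taken from real mail.
SAMPLE_SUBJECTS = [
    'Returned mail--"honey"',
    "A special excite game",
    "A IE 6.0 patch",
    "Meeting notice",
    "Re: FAIDA Vol 3, Issue 4",
    "Your password has been reset",
]

if __name__ == "__main__":
    flagged, passed = triage_subjects(SAMPLE_SUBJECTS)
    for s in flagged:
        print("SUSPICIOUS:", repr(s), "->", matches_klez_subject(s))
    for s in passed:
        print("clean     :", repr(s))
```

Several of the fixed subjects ("honey", "darling", "congratulations") are ordinary enough that a match on its own is only a reason to look closer; in a mail gateway this filter belongs alongside an attachment check, not in place of one.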
HOW THE VIRUS DAMAGES YOUR COMPUTER
According to Symantec, the virus can cause damage in the following ways:
Payload:
This worm infects executables by creating a hidden
copy of the original host file and then overwriting the original
file with itself. The hidden copy is encrypted, but contains no
viral data. The name of the hidden file is the same as the original
file, but with a random extension.
Large scale e-mailing:
This worm searches the Windows address book, the ICQ
database, and local files for email addresses. The worm sends an
email message to these addresses with itself as an attachment.
Releases confidential information:
The worm randomly chooses a file from the infected machine and sends it to recipients along with itself. Files with the extensions ".mp8", ".txt", ".htm", ".html", ".wab", ".asp", ".doc", ".rtf", ".xls", ".jpg", ".cpp", ".pas", ".mpg", ".mpeg", ".bak", ".mp3" or ".pdf" may therefore arrive attached to the e-mail alongside the viral attachment. Since the From: line is forged, the leaked file belongs to whoever actually owns the infected machine, not to the person the message appears to come from.
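An added Python example, not from the article or from Symantec, that checks a received message for this signature: an executable attachment accompanied by a file with one of the extensions listed above. The message it builds is constructed (names, addresses and bytes are made up), and the set of extensions it treats as executable (.exe, .scr, .pif, .bat, .com) is an assumption for the check, since the article only says "file attachment".

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Symantec lists for the file the worm picks at random and sends
# along with itself.
LEAKED_FILE_EXTENSIONS = {
    ".mp8", ".txt", ".htm", ".html", ".wab", ".asp", ".doc", ".rtf", ".xls",
    ".jpg", ".cpp", ".pas", ".mpg", ".mpeg", ".bak", ".mp3", ".pdf",
}

# Assumption for this check (the article only says "file attachment"): the
# worm's own attachment is something a Windows mail client will execute.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com"}


def build_sample_message():
    """Constructed Klez-style message: an executable plus a hitch-hiking .doc.
    Names, addresses and contents are made up; the 'executable' is a stub."""
    msg = EmailMessage()
    msg["From"] = "helpdesk@worldbank.example"
    msg["To"] = "amit@infobanc.example"
    msg["Subject"] = "meeting notice"
    msg.set_content("meeting notice attached")
    msg.add_attachment(b"MZ\x90\x00stub-not-a-real-program",
                       maintype="application", subtype="octet-stream",
                       filename="notice.exe")
    msg.add_attachment(b"not a real document",
                       maintype="application", subtype="msword",
                       filename="Q1-forecast.doc")
    return msg.as_string()


def attachment_names(raw):
    """File names of all attachments in a raw RFC 822 message, in order."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [part.get_filename() or "" for part in msg.iter_attachments()]


def _ext(name):
    return os.path.splitext(name)[1].lower()


def classify_attachments(raw):
    """Quarantine anything carrying an executable. When it does, also report
    the document-type attachments: on an infected sender's machine these are
    real files lifted from that machine, so their owner should be told."""
    names = attachment_names(raw)
    executables = [n for n in names if _ext(n) in EXECUTABLE_EXTENSIONS]
    leaked = [n for n in names if _ext(n) in LEAKED_FILE_EXTENSIONS]
    if executables:
        return {"verdict": "quarantine", "executables": executables,
                "possibly_leaked": leaked}
    return {"verdict": "pass", "executables": [], "possibly_leaked": []}


if __name__ == "__main__":
    print(classify_attachments(build_sample_message()))
```

The "possibly_leaked" list is the part worth acting on after quarantine: it tells you which document left the infected machine, and therefore who needs to be told that their files are being mailed out under other people's names.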
DETECTION AND REMOVAL
For all its stealth and cunning, detecting and removing Klez is fortunately not difficult. First of all, if you delete the e-mail without opening the file attachment, you are safe, provided your mail client is patched against the Internet Explorer MIME-header flaw (Microsoft Security Bulletin MS01-020), which Klez uses to run its attachment automatically when the message is merely opened or previewed in an unpatched Outlook or Outlook Express. If you or your staff accidentally open the attachment and the computer gets infected, detection and removal are comparatively easy. The worm copies itself to a file with a random name in the Windows\System directory and registers that file in the Windows Registry so that it runs at every start-up. Symantec has given step-by-step instructions on how to detect its presence in the Registry. If you find your system infected, follow the removal instructions on the Symantec site (http://www.symantec.com).
Source: FAIDA
- Newsletter on Business Opportunities from India and Abroad
Vol: 3, Issue 4
April 25, 2002
Author:
Dr. Amit K. Chatterjee
(Amit worked in blue-chip Indian companies and MNCs for 15 years in various
capacities such as Research and Information Analysis, Market Development,
MIS and R&D Information Systems before starting his e-commerce
venture in 1997. The views expressed in this column are his own. He may be reached at amit@infobanc.com
)
Copyright © All Rights Reserved. Limited permission is granted
to publish this article on a web site or in print in a journal, newspaper or
magazine, provided the publisher obtains prior permission from the author,
makes no change to the article (i.e. keeps it exactly as
displayed above) and cites the source of this article as The Great Indian
Bazaar with a link to this page.