
Worm Writers Get Wormier

  • From: alerts@xxxxxxxxxxx
  • To: cybercrime-alerts@xxxxxxxxxxxxx
  • Date: Wed, 01 May 2002 12:49:38 -0400
* this message via http://techPolice.com *


Worm Writers Get Wormier

April 24, 2002
By  Mary E. Behr
http://www.pcmag.com

Most viruses and worms, although wantonly destructive, are technologically 
clever. Today many are all that and more: They are a marvel of social 
engineering.

Consider an e-mail a PC Magazine staffer recently received in his personal 
account. The subject was "Worm Klez.E immunity." Klez.E was a very malicious 
worm that was first detected in January. The body of the message was the 
following:


Klez.E is the most common world-wide spreading worm. It's very dangerous by 
corrupting your files. Because of its very smart stealth and anti-anti-virus 
technic, most common AV software can't detect or clean it. We developed this 
free immunity tool to defeat the malicious virus. You only need to run this 
tool once, and then Klez will never come into your PC. NOTE: Because this tool 
acts as a fake Klez to fool the real worm, some AV monitor maybe cry when you 
run it. If so, Ignore the warning, and select 'continue'. If you have any 
question, please mail to me.

The attached "tool" was none other than Klez.H, the latest variant of Worm_Klez.A, 
which was initially encountered in October 2001. According to MessageLabs' 
VirusEye (www.messagelabs.com/VirusEye/), at 9:21 A.M. Wednesday, April 24, the 
online e-mail security provider had encountered nearly 24,000 Klez.H infections 
in the previous 24 hours. By comparison, Klez.E, the last version, was down to 
1,065 infections.

As with most worms and viruses these days, Klez.H exposes another social 
foible--that people are lax about staying up to date on security patches. It's 
important to note that updated versions of Microsoft Outlook and Outlook 
Express are immune to the worm. See Microsoft's Windows Update 
(www.windowsupdate.com) and Office Update (http://office.microsoft.com) for the 
latest patches for your e-mail software.

Perverse propagating is not the only thing Klez.H is about. The worm modifies 
the system Registry to ensure that it loads at startup and goes about infecting 
EXE files, deleting antivirus files, and overwriting files. It also has the 
ability to infect a network through shared folders or drives.

The good news is that all major antivirus packages seem to catch Worm_Klez.H-- 
despite any e-mail message to the contrary.


Copyright (c) 2002 Ziff Davis Media Inc. All Rights Reserved.
http://www.pcmag.com/article/0,2997,s=1490&a=25927,00.asp
