
Symantec Alert - W32.Klez.e@mm

SYDNEY, NSW - March 7, 2002 -- Symantec has had definitions for W32.Klez.e@mm since January 17, 2002, and Klez was given a level 2 rating on a scale of 1 to 5, with 5 being the most serious. The rating for Klez has now been upgraded to level 3. Customers who have updated their definitions since January 17 are protected.

W32.Klez.e@mm is a mass-mailing worm that also attempts to copy itself to network shares. It uses random subject lines, message bodies and attachment file names, and triggers on the 6th of every second month. W32.Klez.e@mm also overwrites files and creates hidden copies of the originals.

The worm also attempts to disable some common antivirus (AV) products and has a payload that fills files with all zeros, which means users will not be able to repair the affected files. Instead, users will need to restore them from backup.

W32.Klez.e@mm e-mails itself to addresses found in local files and in Outlook and ICQ address books (ICQ is a chat client that works on a proprietary network such as AOL).

Since January 17, there has been a steady increase in the number of submissions made. Globally, Symantec Security Response has received a high number of submissions, with Asia Pacific representing about 9 percent of all worldwide submissions.