1. /
  2. Security Response/
  3. W32.Klez.A@mm

W32.Klez.A@mm

Risk Level 2: Low

Discovered:
October 25, 2001
Updated:
February 13, 2007 11:37:35 AM
Also Known As:
W32.Poverty.A@mm, W32.Klez.gen@mm
Type:
Worm

W32.Klez.A@mm is a mass-mailing email worm. It attempts to copy itself into folders on both local and network drives.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

The worm also inserts the virus W32.ElKern.3326. W32.ElKern.3326 can also infect W32.Klez.A@mm.

Finally, the worm executes its payload on the 13th of January, March, May, July, September, and November. The payload causes files on local and mapped drives to become zero bytes in size.

Removal tool
Symantec provides a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here to obtain the tool. This is the easiest way to remove these threats and should be tried first.




For information about how Klez affects a Macintosh computer, read the document Are Macintoshes affected by the Klez virus?

Antivirus Protection Dates

  • Initial Rapid Release version October 26, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version October 26, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High
Writeup By: Atli Gudmundsson

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver