W32.Klez.A@mm

Risk Level 2: Low


Discovered: October 25, 2001
Updated: February 13, 2007 11:37:35 AM
Also Known As: W32.Poverty.A@mm, W32.Klez.gen@mm
Type: Worm


W32.Klez.A@mm is a mass-mailing email worm. It attempts to copy itself into folders on both local and network drives.

The worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

The worm also inserts the virus W32.ElKern.3326. W32.ElKern.3326 can also infect W32.Klez.A@mm.

Finally, the worm executes its payload on the 13th of January, March, May, July, September, and November. The payload causes files on local and mapped drives to become zero bytes in size.

Removal tool
Symantec provides a tool to remove infections of all known variants of W32.Klez and W32.ElKern. Click here to obtain the tool. This is the easiest way to remove these threats and should be tried first.




For information about how Klez affects a Macintosh computer, read the document Are Macintoshes affected by the Klez virus?

Protection

  • Initial Rapid Release version October 26, 2001
  • Latest Rapid Release version October 26, 2001
  • Initial Daily Certified version October 26, 2001
  • Latest Daily Certified version June 17, 2008 revision 017
  • Initial Weekly Certified release date pending


Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High

Writeup By: Atli Gudmundsson