We would like to bring it to your attention that there is a NEW virus
currently spreading. The following is the description of the
virus.
Name:
W32/Klez-G
Aliases:
Win32.Klez.I@mmType:
Internet and Network Worm, written in Visual C
language.
Size:
84.6Kb
Risk:
Medium
DESCRIPTION:
W32/Klez-G is a slight modification of
Worm/Klez-A is an Internet worm
capable of spreading through the local
network under Windows
32-bit systems and infected EXE Files. In order to be
able to remain as a
resident virus in the workspace, it infects the file
KERNEL32.DLL.
Like other variations, the worm arrives through e-mail in
the following
format:
Subject Lines include (but not limited
too):
- Fw: A nice game
- Re: A WinXP patch
- Re: Good removal
tools
- Fw: A humour website
- how are you
- For more information,
please visit
Body Text (examples):
- This is a nice game
This
is my first work.
Your're the first player.
I would expect you would enjoy
it
- Hello,This is a humour game
This game is my first work.
You're
the first player.
I expect you would like it.
Attachment
(examples):
- kitty.exe
- rock.exe
- play.scr
It uses an
exploit (a security hole) that allows the attachment to be
executed when
viewing the message with Microsoft Outlook
Express or Outlook (without
Service Packs installed). This method is
similar to the one used by Nimda or
Kak worms.
Microsoft has issued a patch which protects users against this
vulnerability. It can be downloaded by visiting
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.aspREMOVAL
TOOL:
Microsoft has issued a patch which protects users against this
vulnerability. It can be downloaded by clicking here.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp
