The Klez Virus and its dirty tricks

Dennis Faas's picture

Infopackets Reader Lou G. write s:

" Dear Dennis,

Last week I was flooded with Klez virus containing emails which didn't effect my PC as I avoided opening them until I had tested the sources by replying. One source which constrained an obvious virus attachment was sent by someone who has denied knowing anything about the virus. It has become obvious from my communication with this person that another web site where both of us are listed was the source of information that the hacker used. The hacker used this source to gain both a "From: and a "To:" for their dirty trick(s). Have you got any suggestions as to what course of action I might take in an effort to track down this criminal? "

My response:

The Klez virus is very deceitful. As far as I understand it, the virus works like this:

  1. The Klez Virus is received via email and Outlook Express;
  2. The Klez Virus then looks through address book of the infected computer, consisting of email addresses and names (Outlook Express keeps track of who you email and they are automatically added into your address book).
  3. The Klez Virus then chooses an email address / name at random and uses it in the FROM: field for purpose of propagation;
  4. The rest of the people listed in the address book are then sent a message, FROM: the random email address in Step #3, along with the Klez Virus itself sent as the attachment.

The entire process is repeated.

There is really no way of knowing where the virus came from, or who sent it, since all information is generated erroneously. The best you can do is get a decent (free) virus scanner and hope for the best.

Side note: In the recent past, I used Mcafee Virus Scan version 6.02 unsuccessfully to combat the Klez Virus. Unfortunately, my experience was not good -- Mcafee 6.02 choked on the Klez virus every time, causing my system to freeze temporarily, while reporting that it could not "find" the virus (Win2k SP2 / IE 5.5 / Outlook 5.5). So, be aware!

PS: There is a * free * KLEZ fix from Symantec (the Norton Anti Virus people) available at from this link.

Rate this article: 
No votes yet