Klez (computer Worm)

Klez is a computer worm that propagates via e-mail. It first appeared in October 2001 and originated in China. A number of variants of the worm exist.

The virus (Klez) itself is a Windows PE EXE file of about 65 KB, and it operates on WIN32 platforms. Klez infects Microsoft Windows systems, exploiting a vulnerability in Internet Explorer's Trident layout engine, used by both Microsoft Outlook and Outlook Express to render HTML mail.

The e-mail through which the worm spreads always includes a text portion and one or more attachments. The text portion consists of either an HTML internal frame tag which causes buggy e-mail clients to automatically execute the worm, or a few lines of text that attempt to induce the recipient to execute the worm by opening the attachment (sometimes by claiming that the attachment is a patch from Microsoft; sometimes by claiming that the attachment is an antidote for the Klez worm). The first attachment is always the worm, whose internals vary.

Once the worm is executed, either automatically by the buggy HTML engine or manually by a user, it searches for addresses to send itself to. When it sends itself out, it may attach a file from the infected machine, leading to possible privacy breaches.

Later variants of the worm would use a false "From" address, picking an e-mail address at random from the infected machine's Outlook or Outlook Express address book, making it impossible for casual observers to determine which machine is infected, and making it difficult for experts to determine anything more than the infected machine's Internet Service Provider.
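The message structure described above (an HTML part carrying an internal frame tag, plus an executable attachment) can be checked for at a mail gateway. The following is an added example, not taken from the article or from any anti-virus product; the function names, verdict strings and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class IframeFinder(HTMLParser):
    """Sets .found when the HTML contains an <iframe> start tag."""
    found = False
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.found = True

def triage(raw: bytes) -> dict:
    """Classify one raw message by the two traits the article describes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    has_iframe, executables = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if part.get_content_type() == "text/html" and not part.get_filename():
            finder = IframeFinder()
            finder.feed(data.decode(part.get_content_charset() or "latin-1", "replace"))
            has_iframe |= finder.found
        elif data[:2] == b"MZ":  # EXE header magic; ignores declared type and file name
            executables.append(part.get_filename() or "(unnamed)")
    if executables:
        verdict = "auto-exec pattern" if has_iframe else "executable attachment"
    else:
        verdict = "iframe only" if has_iframe else "no match"
    return {"verdict": verdict, "iframe": has_iframe, "executables": executables}

def build_sample(html: str, attachment: bytes, filename: str) -> bytes:
    """Constructed test message: text + HTML alternative + one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", "constructed sample"
    m.set_content("Please open the attachment.")
    m.add_alternative(html, subtype="html")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

INERT_MZ = b"MZ" + b"\x00" * 62  # constructed: header magic only, not a program
IFRAME_HTML = "<html><body><iframe src='about:blank'></iframe></body></html>"

if __name__ == "__main__":
    print(triage(build_sample(IFRAME_HTML, INERT_MZ, "patch.exe")))
    print(triage(build_sample("<p>hello</p>", INERT_MZ, "notes.txt")))
    print(triage(build_sample("<p>hello</p>", b"plain text", "notes.txt")))
```

The attachment check reads the first bytes of the decoded payload rather than trusting the file name or declared MIME type, so a renamed executable is still reported.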


See also

* Timeline of computer viruses and worms
* Comparison of computer viruses
* Computer viruses


External links


Anti-virus provider F-Secure Klez information

Anti-virus provider Trend Micro Klez information

Anti-virus provider Symantec Klez information

