- If you're seeing a sudden surge in the amount of e-mail
in your inbox, chances are it has little to do with your popularity.
- Delete buttons on personal computers are getting a workout
this week thanks to a tricky e-mail worm tunneling across America and the
rest of the world.
- Known as "Klez," the worm has been bombarding
mailboxes with unsolicited messages, replicating itself and changing its
own appearance by displaying a variety of subjects and senders.
- "It's a worm that spreads really quickly,"
said Sharon Ruckman, senior director for anti-virus software maker Symantec's
security response team. "And it carries an additional payload that
can do some damage."
- That additional payload is a virus known as "Elkern,"
which tries to infect other systems by sharing information. When combined
with Klez, the two create problems that go beyond large amounts of incoming
mail.
- "It can release confidential information on your
system which is never a good thing to have happen," Ruckman told WorldNetDaily.
"It also has the ability to remove anti-virus software."
- Klez is more deceptive than some previous problem e-mails,
as it has a wide variety of titles displayed in the subject line, and can
latch on to an e-mail address of someone a user knows and insert it in
the "From" field, making users more apt to open it and thus get
infected.
- Some of the titles listed in infected e-mails include:
- how are you
- let's be friends
- darling
- so cool a flash,enjoy it
- your password
- honey
- some questions
- please try again
- welcome to my hometown
- The Garden of Eden
- introduction on ADSL
- meeting notice
- questionnaire
- congratulations
- sos!
- japanese girl VS playboy
- look,my beautiful girl friend
- eager to see you
- spice girls' vocal concert
- japanese lass' sexy pictures
- Klez also uses some combinations of random words in subject
lines, to make it even more confusing. The random words include:
- new
- funny
- nice
- humour
- excite
- good
- powful
- WinXP
- IE 6.0
- W32.Elkern
- W32.Klez.E
- Symantec
- Mcafee
- F-Secure
- Sophos
- Trendmicro
- Kaspersky
- Some messages even appear to be trying to help PC users
by offering a patch or removal tool for Klez or Elkern, but are nothing
more than the worm itself.
- "They're trying to get people to open it,"
Ruckman said regarding the virus writers' clever deception skills. She
adds her company does not e-mail people randomly with removal tools.
- Symantec has ranked Klez at a category 3 medium risk
on a scale of 1 to 5, with 5 being the most dangerous.
- "That means it's spreading in the wild more quickly,
but it's not as serious as [other viruses like] Melissa or LoveBug,"
Ruckman said. She also says the Nimda virus which debuted last year is
still problematic.
- According to anti-virus software maker Trend Micro's
world virus tracking center, Elkern and Klez are currently the top two
ranked viruses. In the past 24 hours, they are estimated to have infected
over 400,000 files globally.
- Several strategies can be employed in preventing computers
from being infected. Home PC users should avoid opening the messages and
delete e-mails with attachments, especially if something appears strange
in the subject or sender's line.
- "Don't be curious about e-mail," Ruckman said.
"Just delete it." Once deleted, users should also empty their
trash bins.
- She also recommends having anti-virus software on your
machine, plus the "latest and greatest software patches," which
can be downloaded from Microsoft.
- Corporate e-mail users can have their system administrators
attack the problem by filtering out certain attachments and subject lines
at the gateway of their mail servers.
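
One way such a gateway check could look, as an added example that is not part of the original article: it rejects mail carrying executable attachments, quarantines mail whose subject is on the list above, and ignores the "From" field because the worm forges it. The blocked extensions, addresses and function names are assumptions; the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Subject lines listed in the article, stored lower-cased.
KLEZ_SUBJECTS = {
    "how are you", "let's be friends", "darling", "so cool a flash,enjoy it",
    "your password", "honey", "some questions", "please try again",
    "welcome to my hometown", "the garden of eden", "introduction on adsl",
    "meeting notice", "questionnaire", "congratulations", "sos!",
    "japanese girl vs playboy", "look,my beautiful girl friend",
    "eager to see you", "spice girls' vocal concert",
    "japanese lass' sexy pictures",
}
# Assumption: executable attachment types a gateway commonly blocks;
# the article does not name the extensions.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com"}

def normalize(subject):
    # Lower-case and collapse whitespace so trivial variations still match.
    return " ".join((subject or "").lower().split())

def gateway_verdict(raw_message: bytes):
    """Return (action, reasons); action is 'reject', 'quarantine' or 'deliver'."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # Only the final extension counts ("photo.jpg.exe" is an .exe);
        # trailing dots and spaces are dropped as Windows would drop them.
        ext = PurePosixPath(name.lower().rstrip(". ")).suffix
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"blocked attachment: {name}")
    if reasons:
        return "reject", reasons
    # The From header is deliberately not consulted: it can be forged.
    if normalize(msg["Subject"]) in KLEZ_SUBJECTS:
        return "quarantine", ["subject matches known worm subject"]
    return "deliver", reasons

def build_sample(subject, sender, attachment_name=None):
    """Build a constructed sample message (not a real capture)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("hello")
    if attachment_name:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()
```

Exact subject matching will miss the random-word subjects the article mentions, so the attachment rule is the one doing most of the work.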
- If a computer has been infected, free removal tools are
available from both Symantec and Trend Micro.
- But despite assurances from anti-virus companies, some
organizations like ACT Teleconferencing in Hong Kong are having trouble
curing the problem.
- "Irrespective of what Symantec or other vendors
say, there has been no way to stop this worm in the short term," Bob
Deverell of ACT told the South China Morning Post this week.
- "We have been struggling to clean our machines,"
he said. "We haven't been able to stop it and we're very competent."
- http://www.wnd.com/news/article.asp?ARTICLE_ID=27376