Share on Facebook Share on Twitter Email
Answers.com

Klez

 
Computer Desktop Encyclopedia: Klez
 
Home > Library > Technology > Computer Encyclopedia

An e-mail virus that exploits a vulnerability in the Internet Explorer browser and executes when the message is read or previewed. Possibly originating in China, several versions of the Klez worm have been introduced since late 2001. They deposit themselves in the PC's Windows directory with a random file name and set the Registry to launch at startup. Klez searches for e-mail addresses in the infected machine, and, using its own Internet mail transmitter (SMTP engine), sends messages to those addresses with virus attachments and a variety of subject headers and body text. Thus, the same user can keep getting different Klez e-mails from the same source.

In addition, Klez grabs an e-mail address in the infected machine and turns it into the "from" address. If your PC is virus free, but you get e-mails from others saying you are constantly infecting them, those e-mails are coming from some other infected PC that has your e-mail address somewhere in the computer (address book, old message, etc.). In addition, if you keep getting returned, undeliverable messages you never sent, an infected PC is sending e-mails using your from address to recipients whose mail addresses are no longer valid. See e-mail virus.

Download Computer Desktop Encyclopedia to your iPhone/iTouch

Search unanswered questions...

Enter a word or phrase...
All Community Q&A Reference topics

Wikipedia: Klez (computer worm)
 
Home > Library > Miscellaneous > Wikipedia

Klez is a computer worm that propagates via e-mail. It first appeared in the end of 2001. A number of variants of the worm exist.

Klez infects Microsoft Windows systems, exploiting a vulnerability in Internet Explorer's Trident layout engine, used by both Microsoft Outlook and Outlook Express to render HTML mail.

The e-mail through which the worm spreads always includes a text portion and one or more attachments. The text portion consists of either an HTML internal frame tag which causes buggy e-mail clients to automatically execute the worm, or a few lines of text that attempt to induce the recipient to execute the worm by opening the attachment (sometimes by claiming that the attachment is a patch from Microsoft; sometimes by claiming that the attachment is an antidote for the Klez worm). The first attachment is always the worm, whose internals vary.

Once the worm is executed, either automatically by the buggy HTML engine or manually by a naive user, it searches for addresses to send itself to. When it sends itself out, it may attach a file from the infected machine, leading to possible privacy breaches.

Later variants of the worm would use a false From address, picking an e-mail address at random from the infected machine's Outlook or Outlook Express address book, making it impossible for casual observers to determine which machine is infected, and making it difficult for experts to determine anything more than the infected machine's Internet Service Provider.

See also

External links


This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)

 
 
Learn More
Jeff Warschauer (World Artist, '90s)
Smash, Clap! (1998 Album by Naftule's Dream)
Sid Beckerman (World Artist, '90s)

Post a question - any question - to the WikiAnswers community:

 

Copyrights:

Computer Desktop Encyclopedia. THIS COPYRIGHTED DEFINITION IS FOR PERSONAL USE ONLY.
All other reproduction is strictly prohibited without permission from the publisher.
© 1981-2009 Computer Language Company Inc.  All rights reserved.  Read more
Wikipedia. This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "Klez (computer worm)" Read more

 

Mentioned in

» More» More