Re: [ALSC-Forum] Worm Klez.E immunity

[Micheal Sherrill]

Yeah, right.  I am supposed to open up a file that will act like a fake worm and just ignore the warnings from my antivirus program when it starts to infect my computer.  You need to do something else with your spare time besides trying to practice being a cyberpunk.

The following is what Symantec Antivirus Resource Center (SARC) has to say about KLEZ:

Damage: 
·	Payload: This worm infects executables by creating a hidden copy of the original host file and then overwriting the original file with itself. The hidden copy is encrypted, but contains no viral data. The name of the hidden file is the same as the original file, but with a random extension. 
o	Large scale e-mailing: This worm searches the Windows address book, the ICQ database, and local files for email addresses. The worm sends an email message to these addresses with itself as an attachment. 
o	Releases confidential info: Worm randomly chooses a file from the machine to send along with the worm to recipients. So files with the extensions: ".mp8" or ".txt" or ".htm" or ".html" or ".wab" or ".asp" or ".doc" or ".rtf" or ".xls" or ".jpg" or ".cpp" or ".pas" or ".mpg" or ".mpeg" or ".bak" or ".mp3" or ".pdf" would be attached to e-mail messages along with the viral attachment. 
Distribution: 
·	Subject of email: Random 
·	Name of attachment: Random 

Or go to http://www.sarc.com/avcenter/venc/data/w32.klez.h@mm.html




---------- Original Message ----------------------------------
From: infocom <infocom@avu.org>
Date:  Mon, 22 Apr 2002 13:08:57 -0400

<HTML><HEAD></HEAD><BODY>

<FONT>Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.<br>
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.<br>
We developed this free immunity tool to defeat the malicious virus.<br>
You only need to run this tool once,and then Klez will never come into your PC.<br>
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.<br>
If so,Ignore the warning,and select 'continue'.<br>
If you have any question,please <a href=mailto:infocom@avu.org>mail to me</a>.</FONT></BODY></HTML>