Klez
Home > Security Definitions - Klez
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

Klez

Show me everything on Malware, Viruses, Trojans and Spyware

DEFINITION - Klez (pronounced KLEHZ) is an Internet worm that launches automatically when a user previews or reads an e-mail message containing Klez on a system that has not been patched for a vulnerability in Microsoft Internet Explorer mail clients. It is not necessary for a user to explicitly open an attachment in order for Klez to execute. There have been more than a half-dozen variations of Klez since it was first reported in October of 2001. Klez, which consists of two components - the main worm and a Windows executable infector, searches Windows machines for e-mail addresses in everything from documents to cached Web pages. The worm uses its own version of Simple Mail Transport Protocol (SMTP) to mail itself to the addresses it finds. Typically, the subject line in a Klez e-mail is one of 120 pre-programmed possibilities, making the worm difficult for many end-users to recognize. It copies itself to the Windows system directory with a random file name and sets the registry key to point to the worm file so that it runs on startup.

Klez is generally considered to be a nuisance worm because it doesn't carry a destructive payload, but it can overwhelm mail servers and require extensive cleanup time. Klez also has a unique "social" payload because it can spoof the "From:" field in an e-mail. You may receive an angry response to an e-mail you never sent if Klez finds your address in an infected computer and uses it. Some versions of the worm carry the Elkern virus, a malicious code that attempts to disable anti-virus software by targeting files with the names of major anti-virus vendors.

Users can prevent infection by making sure they have installed the patch for the Internet Explorer vulnerability that allows the worm to execute, and by regularly updating their anti-virus software. Symantec, which has upgraded the Klez worm and its variations to a level four threat (on a scale of five), offers a special software tool to remove the worm. Klez is thought to have originated in Asia, possibly in the Guangdong province of China, where Code Red is thought to have originated.

Learn more about Malware, Viruses, Trojans and Spyware
Built-in Windows commands to determine if a system has been hacked: Ed Skoudis identifies five useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked.
More built-in Windows commands for system analysis: Ed Skoudis defines five more useful Windows commands that can provide new insight into the realm of Windows analysis.
Mini guide: How to remove and prevent Trojans, malware and spyware: Organizations need to learn how to implement proper protections and understand best practices for malware defense in order to keep their network environments secure. In this mini guide you will learn ...
Hacker attack techniques and tactics: Understanding hacking strategies: This guide provides you with a plethora of tips, expert advice and Web resources that offer more in-depth information about hacker techniques and various tactics you can employ to protect your ...
Spyware Protection and Removal Tutorial: This spyware protection and removal tutorial is a compilation of free resources that explain what spyware is, how it attacks and what you can to do to win the war on spyware.
Information security book excerpts and reviews: Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Googling Security: How Much Does Google Know About You?: In an excerpt from Googling Security: How Much Does Google Know About You?, author Greg Conti explains how attackers exploit advertising networks to compromise end-user machines.

LAST UPDATED: 05 Dec 2002

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- SearchSecurity has gathered resources to educate you about Klez.
- Wired.com explains how Klez has a social payload.
- This Microsoft security bulletin includes a patch for the vulnerability that Klez exploits.
- Symantec offers a tool for removing Klez.
- Trend Micro has published a detailed virus alert for WORM_KLEZ.G





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
Schneier-Ranum Face-Off: Is antivirus dead?
Security experts Bruce Schneier and Marcus Ranum debate the longterm viability of antivirus software.
Modern malware, stealthy botnets, adapt quickly, expert says
As network intrusion detection systems evolve so does the malware they're designed to detect, continuing the cat and mouse game between security...
Computer worm infections up, scareware antivirus down, Microsoft says
Microsoft's biannual report finds rogue antivirus infections and Trojan and downloader attacks down in the first six months of 2009.

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
bot worm  (SearchSecurity.com)
A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself...
directory traversal  (SearchSecurity.com)
Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the...




Get More Klez Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts