WORM_KLEZ.G
Overview

Malware type: Worm

Aliases: W32/Klez-G, I-Worm.W32/Klez.gen@MM

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, 2000, NT, ME, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 
This destructive memory-resident worm propagates by sending email messages with itself as a file attachment.

It also takes advantage of the following Windows vulnerability to propagate:

    Incorrect MIME Header Can Cause IE to Execute E-mail Attachment

For more information about this vulnerability, please refer to the following Microsoft Web page:

It drops a WINK*.EXE file in the Windows System folder of the infected system and then creates corresponding registry entries to execute the dropped file at every system startup.

It also infects .EXE files. To infect a file, it encrypts (compresses) the target file and then changes its file extension to a random name.

It also modifies the attributes of the file and sets these to Read-only, Hidden, System, and Archive. Thereafter, this worm copies itself to the original file name of the infected file. This worm's file size is the same as that of the infected file.
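The file-system traits described above can be turned into a check over a directory listing. The following is an added example, not part of the original write-up and not Trend Micro tooling; the function name, the input record format (Windows path plus attribute bits), and the sample paths are assumptions constructed for illustration.

```python
import fnmatch
import ntpath
import stat

# Attribute set the description says is applied to the renamed host file.
RHSA = (stat.FILE_ATTRIBUTE_READONLY | stat.FILE_ATTRIBUTE_HIDDEN |
        stat.FILE_ATTRIBUTE_SYSTEM | stat.FILE_ATTRIBUTE_ARCHIVE)
A = stat.FILE_ATTRIBUTE_ARCHIVE

def find_klez_indicators(entries, system_dir):
    """entries: iterable of (windows_path, attribute_bits) records.
    Returns a list of (indicator, path) findings for manual review."""
    findings = []
    sysdir = ntpath.normcase(ntpath.normpath(system_dir))
    by_dir = {}
    for path, attrs in entries:
        folder, name = ntpath.split(ntpath.normcase(ntpath.normpath(path)))
        by_dir.setdefault(folder, []).append((name, attrs, path))
        # Indicator 1: a WINK*.EXE file in the Windows System folder.
        if folder == sysdir and fnmatch.fnmatchcase(name, "wink*.exe"):
            findings.append(("dropped_copy", path))
    # Indicator 2: a non-.EXE file carrying all four attributes that shares
    # its base name with an .EXE in the same folder (renamed original host).
    for folder, files in by_dir.items():
        exe_stems = {ntpath.splitext(n)[0] for n, _, _ in files
                     if n.endswith(".exe")}
        for name, attrs, path in files:
            stem, ext = ntpath.splitext(name)
            if ext != ".exe" and stem in exe_stems and (attrs & RHSA) == RHSA:
                findings.append(("hidden_host", path))
    return findings

# Constructed sample listing (not taken from a real infection).
SYSTEM_DIR = r"C:\WINDOWS\SYSTEM"
SAMPLE = [
    (r"C:\WINDOWS\SYSTEM\WINKABC.EXE", A),
    (r"C:\WINDOWS\SYSTEM\KERNEL32.DLL", A),
    (r"C:\Program Files\App\TOOL.EXE", A),
    (r"C:\Program Files\App\TOOL.QZX", RHSA),   # hidden, random extension
    (r"C:\Program Files\Other\NOTES.EXE", A),
    (r"C:\Program Files\Other\NOTES.INI", A),   # same stem, normal attributes
]

if __name__ == "__main__":
    for indicator, path in find_klez_indicators(SAMPLE, SYSTEM_DIR):
        print(indicator, path)
```

On a live Windows host the attribute bits for each record can be read from `os.stat(path).st_file_attributes`; a match is a lead for review, since legitimate software can also ship hidden system files.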


Description created: Apr. 24, 2002 10:55:00 AM GMT -0800
