TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_KLEZ.H
Overview
Solution

Malware type: Worm

Aliases: W32.Klez.H@mm(Symantec), W32/Klez-H(Sophos), Email-Worm.Win32.Klez.h(Kaspersky), W32/Elkern.C(Avira), W32/Klez.H@mm (exact)(F-Prot), W32/Klez.h@MM(McAfee)

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, 2000, XP

Encrypted: Yes

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Description: 

This memory-resident variant of the WORM_KLEZ.A mass-mailing worm uses its own SMTP engine to propagate via email. Its email messages arrive with randomly selected subjects. It spoofs its email messages so that they appear to have been sent by certain email accounts, including accounts that are not infected.

This worm terminates and may uninstall antivirus programs. It also drops the file infector detected as PE_ELKERN.D

This worm runs on Windows 95, 98, ME, 2000, and XP.

Click here to read more on the KLEZ variants.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 17, 2002 3:59:50 AM GMT -0800
Description updated: Apr. 25, 2002 10:19:41 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.