Klez-E Worm Programmed To Munch Files


Antivirus companies Tuesday warned of an Internet worm that could delete certain files on Wednesday.

W32/Klez.e, a variant of last fall's Klez worm, is programmed to overwrite .txt, .htm, .html, .wab, .doc, .xls, .jpg, .cpp, .c, .pas, .mpg, .mpeg, .bak, and .mp3 files on the sixth day of odd-numbered months. The variant surfaced in late January.

Antivirus provider McAfee, a division of Network Associates, this week raised the risk assessment of Klez.e to medium due to the number of reports of the mass-mailing worm and its destructive payload, said Vincent Gullotto, vice president of McAfee's AVERT Labs.

During the past month, AVERT has received about six to 12 reports of the worm daily, mostly from small companies or end users, he said.

Antivirus firm Central Command said it has seen "a significant peak in confirmed infections" of Klez.e over the past 30 days.

The worm arrives as an e-mail with varying messages. When the e-mail is opened, the worm exploits a security hole in Microsoft Internet Explorer to spread automatically on Windows systems. Microsoft has offered a patch for the hole for the past year.

Antivirus vendors previously updated their software to block the worm.