Worm.Klez.A Worm Information
Name: Worm.Klez.A
Category: Worm
Advice: Remove
Risk: Severe Risk
Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker may have complete control over your computer or be able to install new software on your machine.
Signatures: rty.A@mm, W32.Klez.gen@mm, W32.Klez.A@mm
Threat type: Worm - A worm is a program that propagates by attacking other computers and copying itself to them. Worms may replace files, but do not insert themselves into files (as viruses do).
Description: I-Worm.Klez.A is a worm that spreads through email and attempts to spread itself on local and network drives.
When I-Worm.Klez.A is executed, it does the following:
It copies itself to
%System%\Krnl132.exe
NOTE: %System% is a variable. The worm locates the Windows\System folder (by default this is C:\Windows\System or C:\Winnt\System32) and copies itself to that location.
It adds the value
krn132 %System%\krn132.exe
to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
so that it is executed when you start Windows.
The worm attempts to disable on-access virus scanners and searches local, mapped, and network drives. The worm copies itself using a random file name with a variable double extension, such as Filename.txt.exe.
In addition, the worm searches the Windows address book, which is used by Microsoft Outlook, for email addresses. The worm sends an email message to these addresses with itself as an attachment.
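A defender-side check for the two host indicators described above (the krn132 Run value and double-extension copies), added here as an example and not part of the original page. The sample registry export, the file listing, and both extension sets are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg export` text for the Run key (not from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\Windows\\SOUNDMAN.EXE"
"krn132"="C:\\Windows\\System\\krn132.exe"
'''

# Constructed file listing covering local and network paths.
SAMPLE_FILES = [
    r"C:\Docs\report.txt.exe",
    r"C:\Docs\notes.txt",
    r"\\fileserver\share\budget.xls.scr",
    r"C:\Tools\setup.exe",
    r"C:\Src\archive.tar.gz",
]

RUN_VALUE = "krn132"  # Run value name given on this page
# Assumed extension sets; tune them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com"}
DECOY_EXTS = {".txt", ".doc", ".xls", ".htm", ".html", ".jpg", ".rtf"}

def parse_run_values(reg_text):
    # Collect {value name: data} for string values under any ...\CurrentVersion\Run key.
    values, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.rstrip("]").lower().endswith(r"\currentversion\run")
            continue
        m = re.match(r'"(.+?)"="(.*)"$', line)
        if in_run and m:
            # .reg files escape backslashes; undo that for readability.
            values[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return values

def klez_run_entries(values):
    # Match the value name case-insensitively, as the registry does.
    return {n: d for n, d in values.items() if n.lower() == RUN_VALUE}

def has_double_extension(path):
    # True for names like Filename.txt.exe: a decoy extension before an executable one.
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    return (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)
```

A double-extension hit on its own is only a lead, since the worm uses random file names; the Run value is the more specific indicator.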