Klez.I Preys on the Unwary

Madrid, September 16 2002 — From April thru August 2002, the Klez.I worm topped the list as the most virulent malicious code affecting users’ computers, according to results obtained by Panda ActiveScan, the free online antivirus. And contrary to popular belief, this prevalence is not down to any highly sophisticated programming, but due largely to exploiting ordinary users’ lack of security savvy.

Klez.I in fact takes advantage of two basic factors:

– A vulnerability detected in the Internet Explorer browser, corrected by Microsoft, which lets the virus run automatically when viewed through Outlook’s Preview Pane.

– Social engineering. The worm is able to change the name of the sender, giving the impression that the message has been sent by someone who may not even be infected themselves.

Klez.I demonstrates how necessary it really is to adopt permanent security measures to protect computers. Something even more apparent as many people return from summer vacation and users catch up on all the unread mail accumulated over the holidays. To protect your computer from viruses, it is highly recommended that you adhere to the following advice:

– Install a good antivirus, which can be updated daily so that it can detect and disinfect the latest viruses. The antivirus should also include: permanent technical support (to solve problems related to viruses or the functioning of the antivirus program); quick solutions to new viruses and a virus warning service.

– Scan inbound e-mail messages before opening them. You should scan all messages received, including those from familiar sources, with reliable antivirus software. Remember that some viruses can resend themselves to all contacts in an address book and therefore will appear to have been sent by people you may know and trust.

– Install patches and updates sent by software developers to correct vulnerabilities discovered in programs.

– When participating in chats or newsgroups, reject any unsolicited files, as they could contain viruses. Similarly, files that are received from unknown sources should always be scanned.

– Avoid downloading programs from dubious or non-secure websites.

– Stay up-to-date with the latest security issues. Read the latest security news and visit portals that deal with IT security.

As a final recommendation, administrators in corporate environments should also protect each and every workstation and terminal in the network, this includes antiviruses installed in both firewalls and proxies. This is the only reliable way to minimize the risk presented by employees who use free e-mail servers such as Hotmail, Yahoo, etc., which are common target for viruses.




Share this