Antivirus software makers Symantec and Central Command have issued a warning about Klez.E, a worm with destructive payload that began circulating across the Internet in November 2001. According to the two companies, Klez.E is date-driven and will become active again today, March 6.
The worm overwrites files with various extensions, such as .bak, .c, .cpp, .doc, .htm, .html, .jpg, .mp3, .mpeg, .mpg, .pas, .txt, .wab, and .xls. Klez.E overwrites such files by filling them with zeros, which makes the files unrecoverable except from backups. The worm also hides itself on a system and reactivates on the day 6 of each month.
Klez.E propagates by mass emailing itself to addresses found in files on a system as well as Outlook and ICQ address books. The worm also copies itself to network shares. The emailed worm's message carries random subject lines, making it difficult for users to recognize without the help of antivirus software. Klez.E also attempts to disable some well-known antivirus software packages.
Antivirus software makers are advising users to be sure they have the latest software updates available to help prevent the worm from damaging systems and spreading further.
