Virus name: Klez (also known as W32/Klez.gen@MM or W32.Klez.E).
Origins: The Klez virus arrives as an attachment to e-mails bearing spoofed return addresses and subject lines selected randomly from a large pool of choices. The subject line might be any of the following:
congratulations
darling
eager to see you
the Garden of Eden
honey
how are you
introduction on ADSL
japanese girl VS playboy
japanese lass' sexy pictures
let's be friends
look,my beautiful girl friend
meeting notice
please try again
questionnaire
so cool a flash,enjoy it
some questions
sos!
spice girls' vocal concert
welcome to my hometown
Worm Klez.E immunity
your password
Returned mail—"[random phrase]"
Undeliverable mail—"[random phrase]"
a [random phrase] game
a [random phrase] patch
a [random phrase] tool
a [random phrase] website
[random phrase] removal tools
Where [random phrase] is one or two words selected from the following list (e.g., "W32.Elkern removal tools," "a special powful tool"):
excite
funny
good
humour
new
nice
powful
F-Secure
IE 6.0
Kaspersky
Mcafee
Sophos
Symantec
Trendmicro
W32.Elkern
W32.Klez.E
WinXP
Klez exploits a bug in Microsoft's Internet Explorer (version 5) to infect a user's system, and once installed it sends out e-mail messages to addresses found in local files, Microsoft Outlook address books, and ICQ address books. It will also overwrite any txt, .htm, .html, .wab, .doc, .xls, .jpg, .cpp, .c, .pas, .mpg, .mpeg, .bak, or .mp3 file on the 6th of every odd numbered month (January, March, May, July, September, and November).
See the links below for more information on how to detect and remove Klez.
