The worm has a text portion and some attachments. The text portion consists of either an HTML internal frame tag, which in buggy email clients causes the worm to be executed, or a few lines of text, sometimes even claiming to be an antidote for the Klez worm. The first attachment is the worm, whose internals vary somewhat.
Unlike previous worms such as Sircam, which were quickly squelched, Klez is still going strong. The main reason is that Klez sets the From: address as well as the To: address of the mail it sends out to addresses it finds in the web browser cache. Thus, if the recipient has a procmail[?] recipe to reply to worms with a warning, the warning is misdirected, and the infected user never finds out that he is infected until his computer crashes.
Search Encyclopedia
|
Featured Article
|