Klez worm's a no-show

The timer rings on the Klez.e virus, but the worm is stopped in its file-eating tracks. How did that happen? Good preventative measures, say antivirus experts.

The Klez.e worm packed a miniscule punch after it activated Wednesday, with antivirus companies reporting little or no damage from the pest.

The worm, which began spreading through e-mail messages in early February, is set to activate on infected PCs on the sixth day of odd-numbered months, potentially triggering a barrage of activity that would destroy many common types of PC files.

By late Wednesday morning, however, antivirus-software company Symantec had no reports of PCs being damaged by the worm, said Sharon Ruckman, senior director of the company's Security Response center.

Reports of the worm spreading via e-mail had increased in the past few days, though, prompting Symantec to boost the threat rating for Klez.e on Wednesday from Level 2 to 3, on a scale of 5.

The assessment was similar from antivirus-software maker Trend Micro, which ranked Klez.e as the 12th most active worm on the Internet, well behind more robust pests such as the Sircam and Nimda worms.

"Apparently, it's pretty much a no-show," said David Perry, public education director for Trend Micro.

Klez.e's weak punch was largely attributed to there being almost a full month between the time the worm appeared and when it went active, allowing people plenty of time to update their antivirus software and stomp out the pest.

"The more time we have, the better it is," Ruckman said. "People have more of a chance to get updated."

Perry added that Klez.e was fairly unsophisticated for a modern e-mail worm, enabling a more thorough response. "For this kind of thing, we have much better protection than a year ago."

Perry noted that Wednesday's Klez.e scare occurred 10 years to the day after the first major virus panic of the PC era, the Michelangelo virus that sent PC owners into a tizzy on March 6, 1992. "It's kind of nostalgic for those of us in the antivirus field," he said.

Meanwhile, a new worm that poses as a Microsoft security update was showing little signs of spreading. The Gibe worm arrives attached to an e-mail message supposedly from Microsoft with the subject "Internet Security Update." Recipients are instructed to open the attached file--named "Q216309.exe"--to install patches for recently discovered security holes in Microsoft products. In reality, the file creates programs that help the worm spread via e-mail and leave the infected PC vulnerable to hackers.

Symantec had received reports from fewer than a dozen users infected by the Gibe worm as of midday Wednesday, leading it to categorize the pest as a Level 2 threat.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All