Reliable Answers - News and Commentary

Information and Fix for The Klez Virus

Klez is an email virus that became 'popular' in April of 2002. It exploits a vulnerability in Internet Explorer that was patched back in April of last year. Even though it was 'patched', the exploit is functional and usually succeeds unless you have completely disabled the features that it relies on. The best thing you can do is have Norton Anti-Virus (NAV) delete all the infected emails, and set your IE security appropriately.

I do not suggest using McAfee as it is incapable of reliably detecting viruses in files I KNOW are infected (call me sick - I keep copies of viruses for this purpose).

A free tool to scan your system for the virus (and remove it if infected) is available here: SARC

More information about your infection here: SARC

After you have been disinfected you should set your security appropriately to prevent future infections by this virus. It *can* bypass your antivirus program (if you run one) and it is entirely possible other viruses will exploit this vulnerability in the future as well.

Here's how to set your security appropriately:

* Open Internet Explorer
* Open the Tools menu
* Internet Options
* Security
* {Internet Zone}
* [Custom Level]
* -Miscellaneous
* [X] DISABLE Launching programs and files in an IFRAME
* [OK]

Then, for each other 'Zone' DISABLE *every* feature under [Custom Level] and set 'Submit Non-Encrypted Form Data' to 'Prompt', and 'User Authentication/Logon' to 'Prompt for user name and password' - that way you know when an application or webpage is sending information either through your email client or an html file you open locally. If you are using Internet Explorer 6 you may want to set the "Allow META refresh" to Enable. There are a number of sites that incorrectly rely on this client-side function.

This level of security MAY prevent certain inTRAnet functionality from performing, but relatively few people require an inTRAnet setup anyway. Since it is probably not necessary for you to enable that functionality, it poses only a threat to your security, and the zone can readily be reset to [Default Level] should you later determine that those 'features' are required. If _anything_ is important on the inTRAnet tab, you'll want to set 'Drag And Drop or Copy & Paste Files' to ENABLE. This will allow you to copy files with drag & drop in Windows Explorer across shares on your network - but you should only set this if you actually HAVE a network.

Also, anytime you Upgrade or Patch your Browser it will be necessary to verify these settings are still in effect. Generally they are reset to default (thank you Bill for keeping us on our toes!), which makes it difficult to maintain your security.
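
One way to re-check these settings after an upgrade or patch, as an added example that is not part of the original article: a read-only PowerShell audit of the zone values in the current user's registry. It assumes the per-user registry location and the numeric action codes Windows uses for these Internet Explorer options (1804, 1601, 1A00), none of which appear in the article itself.

```powershell
# Added example: read-only audit of the Internet Explorer zone settings
# recommended above. It reads the current user's registry and changes nothing.
# Assumption: per-user zone settings live under this key; settings pushed by
# Group Policy are stored elsewhere and are not checked here.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Zone numbers as stored in the registry.
$zones = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

# Action value codes: 0 = Enable, 1 = Prompt, 3 = Disable.
# Logon (1A00) uses its own codes; 0x10000 = Prompt for user name and password.
$checks = @(
    @{ Zone = 3; Action = '1804'; Want = 3
       Text = 'Launching programs and files in an IFRAME: Disable' }
)
foreach ($z in 1, 2, 4) {
    $checks += @{ Zone = $z; Action = '1804'; Want = 3
                  Text = 'Launching programs and files in an IFRAME: Disable' }
    $checks += @{ Zone = $z; Action = '1601'; Want = 1
                  Text = 'Submit non-encrypted form data: Prompt' }
    $checks += @{ Zone = $z; Action = '1A00'; Want = 0x10000
                  Text = 'Logon: Prompt for user name and password' }
}

$report = foreach ($c in $checks) {
    $key    = Join-Path $base ([string]$c.Zone)
    # Returns $null when the value (or the whole zone key) does not exist.
    $actual = (Get-ItemProperty -Path $key -Name $c.Action -ErrorAction SilentlyContinue).($c.Action)
    $shown  = if ($null -eq $actual) { 'not set' } else { '0x{0:X}' -f $actual }
    [pscustomobject]@{
        Zone     = $zones[$c.Zone]
        Setting  = $c.Text
        Expected = '0x{0:X}' -f $c.Want
        Actual   = $shown
        OK       = ($actual -eq $c.Want)
    }
}

# Rows with OK = False are settings that no longer match the article's advice.
$report | Sort-Object OK, Zone | Format-Table -AutoSize -Wrap
```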

This virus is *nasty* to say the least. Hopefully you haven't been hit by the worst parts of it yet - which are the downloading of trojans to your system that can be used to remote control your computer across the internet (usually through IRC), and erasure of everything on your system.

I wouldn't be much of a security guy if I encouraged you to download and run something without first verifying my story. Feel free. In any case - if you *are* infected - you should act fast before you risk spreading it any further.

If you do not have a firewall set up you may also consider purchasing one. I personally use the free version of ZoneAlarm, which includes a content filter that can prevent viruses like Klez from ever making it to your email client. If you're running a network you can run the firewall on the gateway system and effectively protect every system in your network from known internet-borne viruses. Symantec has several similar and alternate products, though they are significantly more expensive. It's hard to beat free.

If you're looking for an integrated solution - I suggest Norton Internet Security 2002, as it includes both a firewall and Norton AntiVirus in the same box, with a year subscription for definitions updates. This is a very reasonable ~$45 at most office supply stores.

Other virus information:   http://ReliableAnswers.com/virus/
