Reliable Answers - News and Commentary

Information and Fix for The Klez Virus

Klez is an email virus that became 'popular' in April of 2002. It exploits a vulnerability in Internet Explorer that was patched back in April of last year. Even though it was 'patched' the exploit is functional and usually succeeds unless you have completely disabled the features that it relies on. The best thing you can do is have Norton Anti-Virus (NAV) delete all the infected emails, and set your IE security appropriately.

I do not suggest using McAfee as it is incapable of reliably detecting viruses in files I KNOW are infected (call me sick - I keep copies of viruses for this purpose).

A free tool to scan your system for the virus (and remove it if infected) is available here: SARC

More information about your infection here: SARC

After you have been disinfected you should set your security appropriately to prevent future infections by this virus. It *can* bypass your antivirus program (if you run one) and it is entirely possible other viruses will exploit this vulnerability in the future as well.

Here's how to set your security appropriately:

* Open Internet Explorer

  > Open the Tools menu

   > Internet Options

    > Security

     > {Internet Zone}

      > [Custom Level]

       > -Miscellaneous

        > [X] DISABLE Launching programs and files in an IFRAME

         > [OK]

Then, for each other 'Zone' DISABLE *every* feature under [Custom Level] and set 'Submit Non-Encrypted Form Data' to 'Prompt', and 'User Authentication/Logon' to 'Prompt for user name and password' - that way you know when an application or webpage is sending information either through your email client or an html file you open locally. If you are using Internet Explorer 6 you may want to set the "Allow META refresh" to Enable. There are a number of sites that incorrectly rely on this client-side function.

This level of security MAY prevent certain inTRAnet functionality from performing, but relatively few people require an inTRAnet setup anyway. Since it is probably not necessary for you to enable that functionality, it poses you only a threat to your security and can readily be reset to [Default Level] should you later determine that those 'features' are required. If _anything_ is important on the inTRAnet tab, you'll want to set 'Drag And Drop or Copy & Paste Files' to ENABLE. This will allow you to copy files with drag & drop in Windows Explorer across shares on your network - but you should only set this if you actually HAVE a network.

Also, anytime you Upgrade or Patch your Browser it will be necessary to verify these settings are still in effect. Generally they are reset to default (thank you Bill for keeping us on our toes!), which makes it difficult to maintain your security.

This virus is *nasty* to say the least. Hopefully you haven't been hit by the worst parts of it yet - which are the downloading of trojans to your system that can be used to remote control your computer across the internet (usually through IRC), and erasure of everything on your system.

I wouldn't be much of a security guy if I encouraged you to download and run something without first verifying my story. Feel free. In any case - if you *are* infected - you should act fast before you risk spreading it any further.

Other virus information:

Carschooling by Diane Flynn Keith

Take me to the top

We invite you
to visit:

Professional Web Hosting and Design Services: 12 Point Design Local Homeschool provides the most up-to-date support group listings in a geographical and searchable index Budget Homeschool Kidjacked -- To seize control of a child, by use of force SaferPC dispels security misunderstandings and provides you with a solid understanding of viruses and computer security Reliable Answers - developer information, current news, human interest and legislative news Twain Harte Times - Twain Harte, CA - The closest you can get to Heaven on Earth Cranial Laser & Neurolymphatic Release Techniques (CLNRT) - Experience dramatic pain reduction At Summit Chiropractic our mission is to improve your quality of life - We know that health is much more than just not feeling pain Visit to learn about your preschool options.