Re: [VIRUS ALERT] Re: [SkunkworksAMA] I thought some would like that already...

From: KitFox Fyn'k'chra <kitfox_at_firstlight.net>
Date: Fri, 12 Jul 2002 13:14:33 -0700

At 04:46 AM 7/12/2002 -0500, Istanbul wrote:
>Could someone please explain to me what exactly KLEZ *does* aside from
>replicate itself?
>All anyone has ever said is that it copies itself...which seems relatively
>innocuous, to be honest.
>(BTW, I apologize in advance for bringing this up.)

No problem. :) Getting new information is important sometimes.

Klez has two main functions: Reproduce itself via Email, and disable
Antivirus software. It is what is known as a 'concept' virus. It has no
destructive payload. It won't wipe out your hard drive, or corrupt all your
image files and MP3s. However, there is nothing to STOP somebody from
adding a destructive payload to it. Anybody could look at the virus, say "I
think this should blow things up." and add another virus to it that will
blow things up.

The next thing to consider is that this is another virus that takes
advantage of a hole in Microsoft software and installs itself without the
user needing to actually run it. This is bad. This means that Klez is not
the only thing that could be installed this way.

Anyways... First off, "Sending email" is not all that 'safe'... Remember
the Melissa virus? Several email servers actually were shut down because of
the sheer quantity of mail the virus generated. (Trust me, I was working
for an AV company at the time, I got to see some mail servers get wasted by
it.)

And if somebody is on a dialup, sending itself out can cause the person's
internet connection to bog down, thus making them pay for an internet
connection they can't use.

But the most dangerous thing this virus does is pass "Proof" and
"Knowledge". It means that a BUNCH of people now know how this kind of
virus can work, and therefore have the information needed to make something
extremely nasty, instead of something that just spreads itself... And of
course, if they DO make something nasty, well, Klez has killed the AV
software, so they can get their nasty thing in undetected. And Klez has
given them PROOF that it works, so they may spend the time to make it.

Anyways, keep your system safe!
Received on Fri Jul 12 2002 - 13:19:03 CDT
