For immediate release
However, it may not need the users' assistance to spread: it uses a known vulnerability in Internet Explorer-based email clients in order to execute automatically. The vulnerability is known as Automatic Execution of Embedded MIME type, and all users of Microsoft email clients should make sure they have the relevant patch installed; see the Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms01-020.asp
It is also capable of spreading across a LAN by copying itself to shared drives or folders. This can make it difficult to eradicate in large networks with few internal controls.
Some anti-virus products are able to detect the new variant because of its similarity to previous variants: Sophos Anti-Virus detect it with their 7 February definition file for W32/Klez.G and McAfee detect it as W32/Klez.gen@mm with their 23 January definition file (4182 DATs).
MessageLabs first stopped W32/Klez.K-mm in an email from China on 15th April. The top three places they have seen it from are Taiwan, Hong Kong and Denmark.
The discrepancies in names between different anti-virus developers are not uncommon when the need to release urgent alert information outstrips the co-ordination between research teams. A consensus will probably be reached later.
Allan Dyer, Chief Consultant of Yui Kee Computing, commented, "Outbreaks like this are becoming commoner and the ability of organisations to cope with them depends on good user education, preparation of their defences and incident response planning." A good starting point for user education is the Safe Hex Guidelines: http://www.sophos.com/virusinfo/articles/safehex.html
For further information, please contact
Hong Kong:
Yui Kee Co. Ltd.
Mr. Allan Dyer, Technical Director
Tel: +852 28708555
Fax: +852 28736164
or visit the Yui Kee web site at http://www.yuikee.com.hk/