Klez.e worm threat appears to be contained

Symantec Corp. said it considered the Klez.e worm a relatively low threat, though a spokesman said the company had received many calls from clients who had encountered it.

The worm was set to cause havoc today, according to several well-publicized alerts. But for the most part, damage doesn’t seem to be widespread. Nonetheless, Symantec upgraded the risk factor from a level two to a three out of a possible five because so many clients had encountered it.

The worm can delete files, halt the work of security programs and spread itself when an infected e-mail is opened. According to Symantec’s alert, the worm exploits a vulnerability in Microsoft Outlook and Outlook Express as it tries to execute itself when a message is opened in which it is contained.

While there seems to heightened public awareness of these kind of attacks, Vincent Weafer, a senior director at Cupertino, Calif.-based Symantec, said there aren’t many more viruses or worms than in recent years. About seven new viruses or worms enter the world every day, which is only up from five per day a few years ago.

“It is increasing very slowly,” Weafer said. “At any given time there are between 200 to 250 viruses in the wild. But [the numbers] have been growing very slowly over the last couple of years.”

Weafer said the greater connectivity and the widespread use of Digital Subscriber Lines tend to lead to the perception that there are more attacks being launched than ever before. He said that because there are more people using the global connectivity of the Web, viruses tend to hang around longer, which also leads to the perception that there are more of them.

As for why so many worms seem to target Outlook, he said it’s a simple case of “hammering a known vulnerability.” As more people deploy patches, attackers will use other paths. He also thinks that more attackers will rely less on social engineering to spread viruses and try to make the viruses themselves look for ways to spread.

The Klez.e worm’s use of its Simple Mail Transfer Protocol engine is an example of this, Weafer said.

Marty Lindner, team leader for incident handling at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, said he hadn’t heard much about the Klez.e worm. CERT hasn’t issued an alert or a bulletin, he said.

Symantec is at http://www.symantec.com/

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now