Penn State logo

Virus Alert: W32.Klez.E@mm Virus



originally posted on Friday, February 22, 2002
updated on Monday, March 4, 2002

The virus/worm designated "W32.Klez.E@mm" or more familiarly "Klez" appeared at Penn State on Tuesday, February 19, 2002. Klez affects Microsoft Windows users who use Outlook or Outlook Express. The virus exploits a security flaw in Outlook and Outlook Express which allows the virus to execute once the infected e-mail message is opened/read. The infected machine then sends e-mail messages to any e-mail addresses it finds in a user's contact e-mail list. The subject line and name of the attached file (typically with the .exe, .pif, .bat, or .scr extension) are random and do not have a specific label.

At Penn State, many users have received e-mail messages which appear to be from webmaster@psu.edu, postmaster@cac.psu.edu, as well as several others when in fact, the messages are not from those senders.

Information about this virus and how it works is found via Symantec's Web site at http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html. Inquiries about this and other viruses should be directed to the Penn State Computer and Network Security Office (NETSEC) at security@psu.edu.

Of Special Note:

Virus protection begins with you. Do not open an e-mail attachment without first scanning the attachment with virus-protection software. The CAC strongly urges computer owners to prevent problems by taking the following steps:
  1. Install the most current virus-protection software;
  2. Routinely update the product;
  3. Back up your files on a regular basis; and
  4. Stay informed on virus news and software vulnerability issues. Because an increasing number of viruses cannot be "cleaned" by simply running the "latest" virus checker if you are already infected, preventing infection is the wise course of action.

    5. Penn State has recently purchased a site license for Symantec's Norton Antivirus software which Penn State students, staff and faculty can use for free. Please see the information available via the Microcomputer Order Center (MOC) Web site at http://moc.cac.psu.edu/products/symantec.htmlfor details and in the CAC Newsletter article, Symantec Agreement to Provide Free Virus Detection Software to Students, Faculty, and Staff at http://cac.psu.edu/news/symantec.html.

    For more information about Klez, including suggested patches and strategies for disinfecting your system, please check the following Web sites:

    http://support.microsoft.com/support/kb/articles/Q316/6/58.ASP

    http://www.helpdesk.umd.edu/alerts/virus/klez.shtml

    http://www.sophos.com/

    http://www.symantec.com/avcenter/venc/data/w32.klez.e@mm.html

    http://www.mcafee.com/anti-virus/

    http://www.cert.org/

    http://www.f-secure.com/v-descs/klez.shtml

    If you receive mail that you believe contains a virus, or you think your machine may already be infected with a virus, contact the Center for Academic Computing (CAC) Help Desk at (814) 863-1035 or (814) 863-2494. General information and guidance on viruses can also be found on the CAC Virus Information and News web site at http://cac.psu.edu/infotech/virus.html.

    The Pennsylvania State University ©2002. All rights reserved.
    Alternative Media - Nondiscrimination Statement
    This site maintained by Consulting & Support Services, a unit of Information Technology Services.
    Consulting and Support Services Staff Directory

    For assistance please write to the Help Desk or see our Help Sources.
    Provide site feedback to the CSS Web Group .

    Last revised: Thursday, March 14, 2002.