April 23, 2002

Security Advisory

The W32.Klez.H@mm virus is being detected worldwide in multiple variants: W32.Klez.E@mm, W32.Klez.H@mm, W32.ElKern.3587, W32.ElKern.4926, and w32klez.gen@mm.

This virus is a mass-mailing email worm that uses random subject lines, message bodies, and attachment file names. Originally discovered on January 17, 2002, the virus has mutated and is now becoming more pervasive.

The worm exploits a known vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message in which it is contained. Information and a patch for the vulnerability are available at http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.

The worm attempts to disable some common antivirus products and has a payload that overwrites files with zeroes.

As always, update your antivirus signatures and run a full computer scan at your earliest convenience.

Symantec has developed a removal tool called “FixKlez.com”, available at http://securityresponse.symantec.com/avcenter/FixKlez.com

If you are infected, download the file, save it to your desktop and do the following:

1- Close all programs on your computer.
2- Double-click the FixKlez.com file to start the removal tool.
3- Click Start to begin the process, and allow the tool to run.
4- Restart the computer.
5- Run the removal tool again to ensure that the system is clean.

Have a safe computing experience and don't forget to back up your files!

Fredo Martin
http://www.workingarts.com/infosecarchives