Klez and KaZaA Viruses Stay Pesky

Quick, what's the most widely distributed virus or worm of all time? It's the Klez worm, which continues to top the virus tracking charts. Here's what to do about it.

According to recent data from several sources, the widely reported Klez worm and KaZaA file-swapping software virus have become increasingly pesky security threats because of their unusual methods of propagation. In fact, a variant of the Klez worm called Klez.H has taken on the distinction of being the most widely distributed virus or worm of all time, according to e-mail tracking data from MessageLabs' VirusEye service.

According to a report from antivirus trackers at BitDefender, the most worrisome virus or worm outbreak for the month of May was the KaZaA worm, Win32.Worm.Benjamin. It's worrisome because the KaZaA worm is among the first major security threats to spread through widely distributed, peer-to-peer, networked file-swapping software. "This is not only a new threat but also a major one, since it is spreading among the KaZaA users, and they are millions," said Sorin Dudea, a virus researcher at BitDefender. A reported 80 million people have downloaded the KaZaA software.

Once it is run, the KaZaA virus displays an error message and copies itself into the user's System folder. It then modifies Registry keys in order to be run at restart, and it creates a folder in C:\Windows\Temp\Sys32. The folder acts like a main KaZaA shared folder where it creates many files with names of known movies, MP3 files, or other files.

"When [another user on the peer-to-peer network] searches for such a file, the file containing the virus will be displayed, too, so that the user has a pretty good chance of getting [the virus]," concluded Sorin.

BitDefender's report is based on the number of virus occurrences in a scanned lot of 1.5 billion files, of which 0.5 billion have been found to be infected. That wasn't enough to make the KaZaA virus the most prevalent one; it showed up in the top ten. Both BitDefender's data and data from virus trackers at MessageLabs show the Klez.E and Klez.H worms as most prevalent.

According to virus-tracking data for the month of May from researchers at Sophos, the Klez worm was still spreading rapidly. "For the third month in a row, a variant of the Klez worm dominates the virus chart, accounting for more than half of the submissions to Sophos's technical team," said Graham Cluley, a Sophos senior technology consultant. "Klez.H is trickier to spot than the average virus because it randomly generates a new subject line, e-mail text, and attachment name each time it propagates."

The data from Sophos is for the month of May, but MessageLabs' VirusEye tracking service continues to show both the Klez.H and Klez.E worms to be the most prevalent security threats of all, as measured through this week. MessageLabs officials also recently announced that Klez.H has the distinction of being the most widely distributed virus or worm of all time, a record previously held by the SirCam virus, which broke out last summer. According to MessageLabs data, which is based on millions of tracked e-mails, one in 300 e-mail messages contains the Klez.H worm.

BitDefender has made available free tools for cleansing a system of both the Klez worm and the KaZaA virus.