Klez 101

Presentation Transcript


  1. Klez 101 Michael Shumko

  2. What’s Coming Up
     • The Klez Virus/Worm
     • How Klez Gets In
     • Damage
     • Distribution
     • Protection
     • Next Steps
     • To Learn More

  3. The Klez Virus/Worm
     • Klez first appeared in October 2001
     • Variants are still making the rounds in September 2002
     • Affects Windows computers
     • Does not affect Macintosh, Unix, Linux, others

  4. How Klez Gets In
     • Exploits a vulnerability of
        • Microsoft Outlook
        • Microsoft Outlook Express
        • Microsoft Internet Explorer 5.x
     • No need to execute the attachment
     • Simply open or preview the message

  5. Preview Pane

  6. Damage
     • Infects executable files with itself
     • Copies itself to network shares
     • Disables some common anti-virus products
     • Sets itself up to start with Windows
     • Drops a copy of the Elkern virus
     • Damages files by overwriting with zeros

  7. Distribution
     • Large scale e-mailing
     • Uses its own SMTP engine
     • Subject and attachment name are random
     • May release confidential data

  8. Distribution (cont.)
     • “To” addresses found in
        • Local files
        • Windows and ICQ address books
     • “From” address is spoofed
     • Can masquerade as an immunity tool
     • Can masquerade as “postmaster bounce” messages

  9. Distribution (cont.) [Diagram; labels: Your PC, Firewall, ISP, Anti-Virus, Anti-Virus, Outlook, Mail service, Klez worm]

  10. Protection
     • Use basic security “best practices”
     • Keep patch levels up to date
     • Scan incoming mail for viruses
     • Use firewall to stop outbound

  11. Next Steps

  12. To Learn More
     • My web site
        • http://members.shaw.ca/mike-shumko/av/
     • Microsoft security bulletins
        • MS01-020 re MIME headers
     • Anti-virus manufacturers
        • Norton / Symantec
        • McAfee

  13. Thank you
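
Added example (not part of the original slides): a minimal incoming-mail check for the MIME-header problem that slides 4 and 12 point to (MS01-020) and that slide 10's "scan incoming mail" would catch. It flags any part whose declared Content-Type is passive media while its attachment name is an executable. That this mismatch is the pattern to look for, the extension and type lists, and the sample message are assumptions made here, not taken from the slides.

```python
import email
import os
from email import policy

# Assumptions (not from the slides): which extensions count as executable,
# and which declared media types should never carry one.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".com"}
PASSIVE_MAIN_TYPES = {"audio", "image", "video", "text"}

def suspicious_parts(raw_message):
    """Return (content_type, filename) for every part whose declared MIME
    type is passive media but whose attachment name is an executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename= and falls
        # back to the name= parameter of Content-Type.
        filename = part.get_filename()
        if part.is_multipart() or not filename:
            continue
        ext = os.path.splitext(filename.lower())[1]
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in PASSIVE_MAIN_TYPES:
            hits.append((part.get_content_type(), filename))
    return hits

# Constructed sample message: one mismatched part, one honestly typed part.
SAMPLE = b"""\
From: sender@example.com
To: user@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>hello</body></html>
--b1
Content-Type: audio/x-wav; name="notes.exe"
Content-Transfer-Encoding: base64

AAAA
--b1
Content-Type: application/octet-stream; name="setup.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
```

The honestly typed setup.exe part is not reported; blocking executables outright is a separate policy from detecting a type/name mismatch.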
