A new variant of a worm that takes advantage of vulnerabilities in unpatched Microsoft Internet Explorer and Outlook Express software is spreading in the wild, antivirus vendors warned.
The mass mailing Win32.Klez.H@mm worm is a variant of the Klez worm that was first reported in October. Like its predecessors, the new version propagates through e-mail and attempts to copy itself through files that can be shared over a network. The worm uses random subject lines, the text within a message and attachment file names to try to get users to launch it.
Once launched, the worm copies itself to all addresses in the Windows address book and attempts to disable any antivirus software and processes that may be installed on a system.
When the Klez.H attachment is opened, it also will often drop a copy of a virus called W32.Elkern, which infects files that can be shared over a network and mapped drives and can cause systems to crash if activated.
What is new with Klez.H is its apparent ability to spread more widely, said Sharon Ruckman, director of Symantec Corp.'s security response team.
The subject lines and message bodies, for instance, have been expanded and made even more random than previous versions, she said. The virus also seems to have been designed to stop or disable a greater range of antivirus tools than older versions. In addition, the Elkern virus it carries has been modified to do more damage, Ruckman said.
Companies that are currently patched with the latest antivirus software should be protected against the virus, she said. Symantec is rating the virus as a "medium" risk.