
Win32.Klez.E@mm


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.Klez.E@mm is also known as W32/Klez.

Explanation :

This new version of Klez arrives as an executable file with a random name, attached to the infected mail. The mail contains the same exploit as its predecessors. It can take several formats, and its subject and body are built from the following texts:

- Hi,
- Hello,
- Re:
- Fw:
- Undeliverable mail—“”
- Returned mail—“”
- 'a %s %s game
- 'a %s %s tool
- 'a %s %s website
- 'a %s %s patch
- '%s removal tools

where %s is one of the following texts:

- new
- funny
- nice
- humour
- excite
- good
- powful
- WinXP
- IE 6.0
- W32.Elkern
- W32.Klez

Or:

- how are you
- let's be friends
- darling
- don't drink too much
- your password
- honey
- some questions
- please try again
- welcome to my hometown
- the Garden of Eden
- introduction on ADSL
- meeting notice
- questionnaire
- congratulations
- sos!
- Japanese girl VS playboy
- look,my beautiful girl friend
- eager to see you
- spice girls vocal concert',
- Japanese lass’ sexy pictures
- The following mail can't be sent to :
- The attachment
- The file
- is the original mail
- give you the
- is a dangerous virus that
- can infect on Win98/Me/2000/XP.
- spread through email.
- For more information,please visit
- This is
- I you would it.
- Christmas
- New year
- Saint Valentine’s Day
- Allhallowmas
- April Fools’ Day
- Lady Day
- Assumption
- Candlemas
- All Souls’Day

The virus attempts to remove more viruses from memory than its previous version did, including even its own earlier version.

It also spreads through shares on the local network by dropping a file whose name is one of:

- setup
- install
- demo
- snoopy
- picacu
- kitty
- play
- rock

and an executable extension (bat, exe, scr).

Alternatively, it drops a RAR archive with a random name that contains the file specified above.

It also contains the file infector Win32.Elkern.B, a new version of Win32.Elkern.A, which is dropped and executed as the file %system%\wqk.exe.
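The subject templates, share file names and Elkern drop name listed above can be combined into a simple triage matcher for mail logs and share listings. The Python below is an added example, not BitDefender's code; the function names, the event format and the sample data are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Strings copied from the description above (the worm's own spellings kept).
WORDS = ["new", "funny", "nice", "humour", "excite", "good", "powful",
         "WinXP", "IE 6.0", "W32.Elkern", "W32.Klez"]
TEMPLATES = ["a %s %s game", "a %s %s tool", "a %s %s website",
             "a %s %s patch", "%s removal tools"]
DROP_STEMS = {"setup", "install", "demo", "snoopy", "picacu", "kitty",
              "play", "rock"}
DROP_EXTS = {".bat", ".exe", ".scr"}
ELKERN_DROP = "wqk.exe"  # matched by name only; the directory is not checked

def _compile(template):
    """Turn 'a %s %s game' into a regex where each %s is one listed word."""
    word = "(?:" + "|".join(re.escape(w) for w in WORDS) + ")"
    body = word.join(re.escape(part) for part in template.split("%s"))
    return re.compile(r"(?<!\w)" + body + r"(?!\w)", re.IGNORECASE)

SUBJECT_PATTERNS = [_compile(t) for t in TEMPLATES]

def subject_matches(subject):
    """True if the subject contains one of the expanded templates."""
    return any(p.search(subject) for p in SUBJECT_PATTERNS)

def file_matches(path):
    """True for a listed drop name with bat/exe/scr, or for wqk.exe."""
    p = PureWindowsPath(path)
    return p.name.lower() == ELKERN_DROP or (
        p.stem.lower() in DROP_STEMS and p.suffix.lower() in DROP_EXTS)

def triage(events):
    """events: (kind, value); for kind 'rar' value is the member-name list."""
    checks = {"subject": subject_matches, "file": file_matches,
              "rar": lambda members: any(file_matches(m) for m in members)}
    return [(k, v) for k, v in events if checks[k](v)]

# Constructed sample events (hypothetical, not from a real incident).
SAMPLE = [
    ("subject", "Re: a WinXP IE 6.0 patch"),
    ("subject", "a great new game"),
    ("file", r"\\fileserver\public\snoopy.scr"),
    ("rar", ["kitty.exe"]),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Names such as setup.exe and install.exe are also common for legitimate installers, so a hit is a lead for further inspection rather than a verdict.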

The virus contains the text:

Win32 Klez V2.0 & Win32 Elkern V1.1,(There nick name is Twin Virus*^__^*)
Copyright,made in Asia,announcement:
1.I will try my best to protect the user from some vicious virus,Funlove,Sircam,Nimda,CodeRed and even include W32.Klez 1.X.
2.Well paid jobs are wanted
3.Poor life should be unblessed
4.Don't accuse me.Please accuse the unfair s**t world

Last update 21 November 2011

 
