Braid virus winds its way through e-mail

Although the latest mass-mailing computer virus is off to a slow start, antivirus companies say it shares some attributes with the widely spread Klez family of viruses.

Robert Lemos Staff Writer, CNET News.com
A new mass-mailing computer virus known as W32.Braid has slowly spread among PCs over the weekend, said U.K. e-mail service provider MessageLabs.

Although the company has seen only 43 copies of the virus--indicating an extremely slow start--W32.Braid shares some attributes of the widely spread Klez family of viruses and could have similar success. Among the similarities, both viruses forge a fake sender address in the e-mails they use to propagate themselves, which makes finding infected PCs more difficult.

The Klez.h variant of the Klez virus has sent out millions of e-mail messages with a copy of itself attached. Since it was first placed on the Internet in April, the virus has topped the charts of malicious e-mail attachments found by antivirus firms and e-mail service providers, which filter junk e-mail for companies and also zap messages that have viruses attached.

W32.Braid, also known as PE.Brid, can spread to PCs running any version of Microsoft Windows. People who use Microsoft Internet Explorer 5.01 and 5.5 may find that their computers automatically become infected, because Braid uses an old flaw in Internet Explorer to automatically execute the attachment that carries it when the e-mail message is viewed. Patching the program with Service Pack 2 will solve the problem, Network Associates said in its advisory on the virus.

Like Klez, Braid contains its own e-mail engine, so once it infects a computer, it doesn't need to use an e-mail client, such as Outlook, to spread. The virus will also attempt to infect any program, as well as screensaver files. So far, though, antivirus researchers believe that Braid simply spreads itself, and doesn't actually destroy data.

While many of the tactics Braid uses to spread resemble those used by the Klez family, the program itself seems closer to a more famous virus, LoveLetter. Antivirus software from Network Associates and rivals Symantec and Trend Micro all detect Braid as a variant of FunLove, a close relative of LoveLetter.

Because the virus is already detected by all major antivirus software, the application makers have labeled Braid a fairly minor danger.

Network Associates has rated Braid a low-priority threat, while Trend has rated the virus a medium risk, and Symantec has given the worm a two out of five, with five being the most severe.