X

Klez.e worm threat fizzles

The variant of the Klez worm was set to start gobbling PC files Wednesday, but antivirus companies say computer users took the proper measures to prevent a feast.

David Becker Staff Writer, CNET News.com
David Becker
covers games and gadgets.
See full bio
David Becker
2 min read
The Klez.e worm packed a miniscule punch after it activated Wednesday, with antivirus companies reporting little or no damage from the pest.

The worm, which began spreading through e-mail messages in early February, is set to activate on infected PCs on the sixth day of odd-numbered months, potentially triggering a barrage of activity that would destroy many common types of PC files.

By late Wednesday morning, however, antivirus-software company Symantec had no reports of PCs being damaged by the worm, said Sharon Ruckman, senior director of the company's Security Response center.

Reports of the worm spreading via e-mail had increased in the past few days, though, prompting Symantec to boost the threat rating for Klez.e on Wednesday from Level 2 to 3, on a scale of 5.

The assessment was similar from antivirus-software maker Trend Micro, which ranked Klez.e as the 12th most active worm on the Internet, well behind more robust pests such as the Sircam and Nimda worms.

"Apparently, it's pretty much a no-show," said David Perry, public education director for Trend Micro.

Klez.e's weak punch was largely attributed to there being almost a full month between the time the worm appeared and when it went active, allowing people plenty of time to update their antivirus software and stomp out the pest.

"The more time we have, the better it is," Ruckman said. "People have more of a chance to get updated."

Perry added that Klez.e was fairly unsophisticated for a modern e-mail worm, enabling a more thorough response. "For this kind of thing, we have much better protection than a year ago."

Perry noted that Wednesday's Klez.e scare occurred 10 years to the day after the first major virus panic of the PC era, the Michelangelo virus that sent PC owners into a tizzy on March 6, 1992. "It's kind of nostalgic for those of us in the antivirus field," he said.

Meanwhile, a new worm that poses as a Microsoft security update was showing little signs of spreading. The Gibe worm arrives attached to an e-mail message supposedly from Microsoft with the subject "Internet Security Update." Recipients are instructed to open the attached file--named "Q216309.exe"--to install patches for recently discovered security holes in Microsoft products. In reality, the file creates programs that help the worm spread via e-mail and leave the infected PC vulnerable to hackers.

Symantec had received reports from fewer than 50 users infected by the Gibe worm as of midday Wednesday, leading it to categorize the pest as a Level 2 threat.