Dealing With the Klez Virus
Instructions for Disabling the Microsoft Outlook or Outlook Express Preview
Panes
The Klez virus is spreading very rapidly. The SANS computer security group
estimates that more than 7% of the computers in the world have been infected. It
has infected some of the School Board's systems, including some of our file
servers.
One of the reasons this virus is spreading so rapidly is that, under certain
circumstances, the Klez virus can infect your computer even if you DO NOT open
infected e-mail attachments. Some versions of Microsoft Outlook and Outlook
Express can be triggered to automatically execute an e-mail attachment, just by
viewing the e-mail. This can happen even if you only view the e-mail in the
computer's Preview Pane. To protect your computer, please take the following
steps IMMEDIATELY.
Microsoft Outlook | Outlook Express
| The Preview Pane | How to Spot a
Klez-Infected E-mail
If you use Microsoft Outlook...
- Start Outlook.
- If the Preview Pane is visible, click the View Menu, then click the
Preview Pane menu item. This will hide the Preview Pane.
- With the Preview Pane hidden, you can delete suspect e-mail messages
without displaying them in the Preview Pane itself. This eliminates the
possibility that your computer can be infected just by previewing an
infected e-mail.
Back to the top
If you use Outlook Express
- Start Outlook Express.
- If the Preview Pane is visible, click the View Menu, then click the Layout
menu item to display the Layout options dialog box.
- Uncheck the Preview Pane option on the Layout options dialog box.
- Click OK
- With the Preview Pane hidden, you can delete suspect e-mail messages
without displaying them in the Preview Pane itself. This eliminates the
possibility that your computer can be infected just by previewing an
infected e-mail.
Back to the top
What does the Preview Pane look like?
This screen shot below shows Microsoft Outlook with the Preview Pane enabled.
When you click the message in the Inbox, the Preview Pane, located just below
the Inbox, displays the first part of the e-mail message. Certain versions of
Microsoft Outlook and Outlook Express can be triggered to automatically infect
your computer with the Klez virus, just by viewing an infected e-mail in the
Preview Pane. Use the instructions above to turn off your Preview Pane.
Back to the top
How to spot a Klez-infected e-mail
Many Klez-infected e-mails arrive with a subject line from the following
list:
- Undeliverable mail--"[Random word]"
- Returned mail--"[Random word]"
- a [Random word] [Random word] game
- a [Random word] [Random word] tool
- a [Random word] [Random word] website
- a [Random word] [Random word] patch
- [Random word] removal tools
- how are you
- let's be friends
- darling
- so cool a flash,enjoy it
- your password
- honey
- some questions
- please try again
- welcome to my hometown
- the Garden of Eden
- introduction on ADSL
- meeting notice
- questionnaire
- congratulations
- sos!
- japanese girl VS playboy
- look,my beautiful girl friend
- eager to see you
- spice girls' vocal concert
- japanese lass' sexy pictures
Known random words include:
- new
- funny
- nice
- humour
- excite
- good
- powful
- WinXP
- IE 6.0
- W32.Elkern
- W32.Klez.E
- Symantec
- Mcafee
- F-Secure
- Sophos
- Trendmicro
- Kaspersky
It is also very difficult to tell where the infected e-mails come from, because
the Klez virus substitutes a different sender in the sender field of the
infected e-mails it automatically generates. This means that you may get
infected e-mails that appear to come from people whose computers are virus-free.
Back to the top