Who is Klez?
Klez is a computer worm that propagates via e-mail. It first appeared in October 2001 and was originated in China. A number of variants of the worm exist. The virus (Klez) itself is a Windows PE EXE file of about 65KB, and it operates on WIN32 platforms. Klez infects Microsoft Windows systems, exploiting a vulnerability in Internet Explorer's Trident layout engine, used by both Microsoft Outlook and Outlook Express to render HTML mail. The e-mail through which the worm spreads always includes a text portion and one or more attachments. The text portion consists of either an HTML internal frame tag which causes buggy e-mail clients to automatically execute the worm, or a few lines of text that attempt to induce the recipient to execute the worm by opening the attachment (sometimes by claiming that the attachment is a patch from Microsoft; sometimes by claiming that the attachment is an antidote for the Klez worm). The first attachment is always the worm, whose internals vary. Once the...
