This study reviews the properties of the Klez.H worm, key findings from a set of infection experiments, and some of the network security tools needed to detect Klez.H infection. Both reported results and new unreported findings from this study show that Klez.H exploits several known SANS/FBI Top 20 List of vulnerabilities to propagate and infect local and remote computers on a Local Area Network. These include a sleep/wake routine for scanning the network for new files and directories to infect, creation and deletion of stealth processes for file infection, creation of root level shares with Full Control Permissions for Everyone, and the creation of a back door internet-bot on port 1027. The experimental results of this study highlight that virus protection involves not only the downloading and updating of a new virus signature, but also the deployment of secondary security measures beyond antivirus patterns and scanning routines.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
