Media reports and announcements from various anti-virus vendors
have warned that the W32/Klez-E worm will
initiate a destructive payload today, 6 March.
On the sixth day of any odd numbered month (in other words,
January, March, May, July, September and November) the worm
triggers its payload.
On the sixth of March, May, September and November the worm
overwrites files with the following extensions: .TXT, .HTM, .HTML,
.WAB, .DOC, .XLS, .JPG, .C, .PAS, .MPG, .MPEG, .BAK and .MP3.
On the sixth of January or July the W32/Klez-E worm overwrites
all files.
Because of its destructive payload, W32/Klez-E has attracted a
lot of attention from the media. However, Sophos first published
protection against W32/Klez-E on 17 January 2002, and it is built
into Sophos Anti-Virus version 3.55 (March 2002). As such,
customers who have kept their anti-virus protection up to date
should have nothing to fear from W32/Klez-E.
Coincidentally, today is the 10th anniversary of the Michelangelo virus
scare which dominated news headlines on 6 March 1992.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.