A number of customers have contacted Sophos technical support
concerned that they may have received a virus via email from
Sophos would like to reassure its customer base that we have not
been infected or sent any viruses to our customers.
The recent W32/Klez-H worm uses its
own SMTP engine, and can appear to have come from any email
address. Some infected messages have a sender field and message
text which imply that the message was sent by a major anti-virus
vendor (the virus can use the names Kaspersky, F-Secure, Symantec
and Trend Micro as well as Sophos).
Sophos Anti-Virus has been capable of protecting against
W32/Klez-H, via detection of its earlier variant W32/Klez-G, since 7
Some customers have also reported receiving an unsolicited email
apparently from Sophos claiming to contain disinfection tools for
virus (the email mistakenly refers to the virus as "W32.Elkern").
These emails contain a copy of the W32/Klez-G worm and, again, do
not originate from Sophos.
Sophos recommends that users do not open or launch unsolicited
executable attachments and keep their anti-virus software
Computer users are also advised to consider installing a
patch from Microsoft which is
reported to fix a vulnerability in some versions of Microsoft
Outlook, Microsoft Outlook Express, and Internet Explorer. The
vulnerability is exploited by W32/Klez-H and a number of other