Klez Virus Causes Concern

Students across campus waited anxiously Tuesday night to see if the destructive and confusing Klez worm had infected their computers.

With the potential to cause havoc on infected computers on the 6th of every month, the Klez.E worm, a variant in the Klez family that carries with it a file-infecting virus, W32/Elkern.B., has spread rapidly in recent weeks and caused much concern among students.

While the Klez worm, which computer experts say likely originated in Asia, is not particularly high-risk, it has raised concerns because of its potential to delete files on the 6th day of the month and its uniquely confusing nature.

The worm is a “mass-mailer” that sends itself to randomly selected addresses from the user’s address book in Outlook, Eudora and certain versions of Internet Explorer.

Macintosh users and PINE users are not affected by Klez.

Currently, according to Director of Residential Computing Kevin S. Davis ’98, the Harvard University Arts and Sciences Computer Services (HASCS) estimates that only two to three dozen systems on the FAS network have been infected, despite widespread worries that showed in panicked e-mails over House lists.

“Many more students than this think they may have Klez...because systems infected with the Klez.E virus don’t send mail out under the name of the computer’s owner—the virus picks a name at random from the user’s inbox and sends messages as that user,” HASCS said on its website.

“As a consequence, many students are being told by friends that they have a virus when, in actuality, another student’s computer was infected.”

The worm is made even more confusing because both the subject line of its e-mail and the file attachment vary as well, and the extension is usually EXE.

The Klez worm has spread rapidly because, on some systems, it is able to self-launch itself when an infected e-mail is viewed using Outlook, Internet Explorer versions 5.0 and 5.5 or Eudora; it is not necessary to open the attachment itself.

The Klez worm copies itself to the Windows system directory and then creates a registry key to point to itself so that it is loaded during startup.

It then scans for and disables various antivirus software, as well as corrupts important system files in an apparently random manner.

The threat of randomly deleted files caused by Klez has set House e-mail lists aflutter as students discuss ways to outwit it and back-up crucial files like senior theses.

Ashley A. Kircher ’01-’02 said her computer was infected last week.

“I got Klez last Tuesday from a friend of a friend entitled ‘Eager to See You.’ It immediately ate my Microsoft Word and froze my computer,” she said. “My thesis is due on the 18th and so I’ve been panicked, using Microsoft Works as a poor substitute for Word.”

She says three appointments with User Assistants have failed to clear her computer of the problem and that to fix her computer completely might require reinstalling every program.

Students who think that they may have been infected are advised to run a virus scan before contacting HASCS. Information on how to remove the worm is available at the McAfee Security website.

“Students should definitely play it safe with this virus,” Davis said.