It is possible the creator of Klez was rather indecisive. The malware, which confounded computer users in the early 2000s, was all at once a virus, a worm, and a Trojan horse.
Basically, Klez contained every trick in the hacker playbook, including the use of its own SMTP server to replicate via email, attempts to disable antivirus software, and the overwriting of other files.
Klez makes a mess
In this March 2002 article from the Harvard Crimson, students described the havoc it wreaked. “I got Klez last Tuesday from a friend of a friend entitled ‘Eager to See You,’” one said. “It immediately ate my Microsoft Word and froze my computer. My thesis is due on the 18th and so I’ve been panicked, using Microsoft Works as a poor substitute for Word.” (Fair point.)
Klez tripped up users with a new concept for the time: spoofing. The malware searched its victim’s contact list and looked for names to place in the “From:” field—names just familiar enough to the next recipients that they would click open. Klez also generated multiple subject lines, often containing the names of well-known virus or antivirus software to further confuse users.
The first version of Klez appeared in December 2001, with some variants having more negative impact than others. As of late May 2002, some email traffic experts estimated one in 300 emails carried the Klez.H variant, yet Klez.I—released on the same day as Klez.H—was a relative nonissue. The rapid morphing of the malware made it difficult to stop in its tracks. In an interesting twist, some variants activated their payload only during the sixth day of odd-numbered months, with super payloads activated in January and July.
Photo: wk1003mike / Shutterstock
