Payload delay cushions Klez.e damage

PUBLISHED: Thursday, 07 March, 2002, 12:00am
UPDATED: Thursday, 07 March, 2002, 12:00am

Damage caused in Hong Kong by a computer virus expected to deliver a destructive payload yesterday was minimal, according to sources in the anti-virus field.

One reason could be that the Klez.e virus has been around since mid-January and information on it has been available since then. The payload, set to activate on the sixth day of every month, would have over-written files on infected computers.

The virus is a variant of the Klez worms that first appeared in October and spread by e-mailing themselves to addresses in users' Microsoft Outlook address books.

David Sykes, North Asia director for anti-virus firm Symantec, said the company had no reports of Klez.e damage yesterday, partly because updated virus definitions for the Klez family had been available for a long time.

'They [users] have had plenty of time to patch. The vast majority of people would have done that. The person who's going to get hit here is the person who hasn't got any anti-virus protection, hasn't updated,' he said.

As of yesterday evening, there were no reports of massive damage done by the Klez payload.

Hong Kong's Computer Emergency Response Team Co-ordination Centre (HKCert) considers the threat from Klez.e serious and ongoing. HKCert has received 11 infection reports, including one yesterday. The payload may still affect new machines as the virus continues to spread.

Roy Ko Wai-pak, the centre manager, said HKCert would probably post a notice on its Web site warning of the potential threat. There was life in the virus and the fact that it over-wrote files could mean serious damage to companies that did not back up their data.

Klez made the top 10 list of viruses last month and is expected to spread, albeit slowly compared to last year's Code Red and Nimda viruses. Despite the fact that Klez.e 'delivers a pretty mean payload', Mr Sykes said, it was not as damaging as those two because they combined aspects of different viruses and had several ways of attack.

Because of the lag between the creation of the Klez.e worm and the delivery of its payload, the intention was probably to gain attention rather than do real damage. 'These virus writers want to announce their work. It's really to get the credit for putting it out,' he said.