Consumer Tip of the Week
Revised: 7/14/2002
KLEZ.H and Safe Computing
What is Klez.H?

In October 2001, a virulent new worm, Klez, started appearing in people's email. It has kept growing and is the biggest pest on the Internet at the moment. A number of variants have emerged; the most recent, "H", is the most problematic.

The Klez.H worm arrives as an email attachment from someone you probably don't know. It exploits an old flaw in Microsoft Outlook that tricks Outlook into executing the attachment, even if the email is not read.

If you have the preview pane open in an unpatched version of Outlook, you are infected as soon as Outlook formats the HTML email in the preview pane. The worm attempts to turn off any antivirus programs that are running, then gathers email addresses from the Outlook Address Book, ICQ databases, and web pages you've visited recently (like FindAnISP.com). It then starts mailing documents picked at random from your computer to random email addresses it found on your computer (like arrgh@findanisp.com).

Unlike earlier similar worms, the Klez worm puts a random email address in the From: header, so the person with the infected computer is not shown as the sender. In some cases the Return-Path: header does contain the email address of the person whose computer is actually infected, but this does not always appear to be true.

The worm either picks out a random string from a random document it finds on the infected computer, or it uses one of its default randomized subjects. Typical subjects are:

  • A [very or special] [funny or humour] [website or game]
  • Undeliverable mail-- (A faked bounced email)
  • Returned mail--
  • A WinXP patch
  • A IE 6.0 patch
  • W32.Elkern removal tools
  • W32.Klez.E removal tools
  • This game is my first work.
  • You're the first player.
  • I expect you would like it.
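
The header and subject traits described above can be checked mechanically. The following is an added example, not part of the original tip: the function names, the quarantine rule and the sample message are assumptions made for illustration. A From:/Return-Path: mismatch also occurs in legitimate mail such as mailing lists, so it is only counted together with an attachment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Default subjects from the list above; bracketed choices become alternations.
KLEZ_SUBJECTS = [re.compile(p, re.IGNORECASE) for p in (
    r"^a (very|special) (funny|humour) (website|game)$",
    r"^(undeliverable|returned) mail--",
    r"^(a (winxp|ie 6\.0) patch|w32\.(elkern|klez\.e) removal tools)$",
    r"^(this game is my first work|you're the first player|i expect you would like it)\.$",
)]

def klez_indicators(raw_message):
    """Return the set of Klez-style traits found in one raw message."""
    msg = message_from_string(raw_message)
    found = set()
    subject = (msg.get("Subject") or "").strip()
    if any(p.search(subject) for p in KLEZ_SUBJECTS):
        found.add("default-subject")
    # From: is forged; Return-Path: sometimes still names the infected sender.
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if from_addr and return_path and from_addr != return_path:
        found.add("from-returnpath-mismatch")
    # The worm travels as an attachment, so look for any part with a filename.
    if any(part.get_filename() for part in msg.walk()):
        found.add("attachment")
    return found

def should_quarantine(raw_message):
    """Hold mail that has an attachment plus at least one other trait."""
    found = klez_indicators(raw_message)
    return "attachment" in found and len(found) >= 2

# Constructed sample message, not a captured worm email.
SAMPLE = """\
Return-Path: <owner@infected.example>
From: stranger@other.example
Subject: A WinXP patch
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Disposition: attachment; filename="patch.exe"

placeholder
--b1--
"""

print(sorted(klez_indicators(SAMPLE)), should_quarantine(SAMPLE))
```

Because the worm can also take its subject from a random document on the infected computer, a clean result from the subject check does not rule out Klez.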


Resources:

Information about the Klez.H worm:

Alternative email readers

  • Pegasus - A very good Freeware Windows email client.
  • PocoMail - Shareware. In addition to being very paranoid about attachments and scripts, it still renders HTML email. An additional plus is that PocoMail gives you the ability to not load the graphics in an HTML email - spammers now use "bugs" in spam mail which inform them every time you open a spam email, so they know that you want them to send more.
  • Eudora - Full featured email client in free and sponsored versions

Free Virus Scanners

Prevention

Strategy #1 - Don't use Microsoft Outlook as your email program

We're not Anti-Microsoft, but Outlook and other Microsoft software products have a history of flaws that have permitted hackers to exploit Windows-based systems. These flaws are likely showing up partly because of the zealous efforts of people who think Bill Gates is the AntiChrist, rather than because the software has a higher defect rate than Linux.

Strategy #2 - Install the Outlook patches up to the current release, and frequently go to Windows Update and make sure you apply security patches when they are released. Users of Windows XP have the benefit that Microsoft has largely automated the distribution of critical patches.

Strategy #3 - Buy and use a good AntiVirus software package, including ongoing support. Update the definition files regularly. While there is always the chance that you might be the first person to get a new virus/worm before the AV companies can create a fix, the chances of that are slim, especially if you don't engage in high risk activities.

Strategy #4 - Don't engage in high risk activities. Things that make your computer a high profile target increase your risk of getting infected. These include:

  • Downloading "Warez" from web sites or Usenet Newsgroups
  • Your children using the computer unsupervised (Is your child a script kiddie?)
  • Using Internet Relay Chat
  • Running a web server on your PC
  • Opening attachments that were not expected
  • Putting mailto: addresses on your web pages

Strategy #5 - Use an ISP that does server level Virus blocking

The advantage to this approach is that you don't waste time downloading copies of the virus, even if your own protection methods would have caught it.

Strategy #6 - Back up early and often - protect yourself from the next worm

This won't prevent an infection, but can save you a lot of time in recovering if you do make a mistake. In the event your computer is compromised, the worm or virus may have damaged data files that cannot be recovered. The time to think about backups is before you need them. Every new computer user makes the mistake at least once of losing everything and having no backups. Also, be sure to brush and floss after every meal and after snacks.


© Copyright 1999-2007 by FindAnISP.com
As of August 29, 2008 2:12:36 AM