26 April 2002
Not guilty! Klez fakes emails from anti-virus companies
A number of customers have contacted Sophos technical support concerned that they may have received a virus via email from Sophos.
Sophos would like to reassure its customer base that we have not been infected, nor have we sent any viruses to our customers.
The recent W32/Klez-H worm uses its own SMTP engine, and can appear to have come from any email address. Some infected messages have a sender field and message text which imply that the message was sent by a major anti-virus vendor (the virus can use the names Kaspersky, F-Secure, Symantec and Trend Micro as well as Sophos).
Sophos Anti-Virus has been capable of protecting against W32/Klez-H, via detection of its earlier variant W32/Klez-G, since 7 February 2002.
Some customers have also reported receiving an unsolicited email apparently from Sophos claiming to contain disinfection tools for the W32/ElKern virus (the email mistakenly refers to the virus as "W32.Elkern"). These emails contain a copy of the W32/Klez-G worm and, again, do not originate from Sophos.
Sophos recommends that users do not open or launch unsolicited executable attachments, and that they keep their anti-virus software updated.
Computer users are also advised to consider installing a patch from Microsoft which is reported to fix a vulnerability in some versions of Microsoft Outlook, Microsoft Outlook Express, and Internet Explorer. The vulnerability is exploited by W32/Klez-H and a number of other viruses.

