1) The Klez virus damages a computer system as a blended threat: software that distributes itself like a virus but sometimes behaves like a worm and at other times like a Trojan horse. Klez usually arrives in the in-boxes of unsuspecting victims as a file attachment. It uses various subject lines, including "Klez removal tool". Some variants also draw subject lines from random words in files on a victim's hard drive.
When the victim double-clicks the attachment, or even just previews the message, the fun begins for Klez. It pilfers addresses from the victim's e-mail address books, and also searches the hard drive for addresses from the Web browser cache or temporary files.
What makes Klez particularly insidious is that it draws both a new sender and a new recipient from the infected party's sources. This creates at least three victims: the person who first got the worm, the one who is sent the worm, and the one whose address was taken from the original victim and is used as the new sender.
Because the infected sender's address is not on the new e-mail, the worm is difficult to track. And blocking the return address is ineffective, because that person didn't send the worm. Worse, the innocent sender may well be someone you know, making you more likely to open the message, click on the attachment, and perpetuate the virus.
"These types of social-engineering tricks are extremely effective," says virus researcher Sarah Gordon. People don't want to ignore a friend or colleague, she says. "They feel compelled to look at an attachment--even though they've heard the warning."
In the months since Klez was first identified, antivirus vendors have discovered seven versions of the virus. These strains share many behavioral traits but act slightly differently from one another. For example, some later versions can attack other systems over networks by copying infected files to file servers and shared hard drives. One of the newest variants, W32.Klez.H@mm, contains another worm called ElKern that can damage an operating system beyond repair. In some instances, users must reformat the entire hard drive and reinstall Windows to purge the virus from a PC.
2) I have compared the W32/Klez-H virus and the W32/ElKern-C virus, and the difference between the two is that W32/ElKern-C is an executable file virus that works only under Windows 98, Windows Me, Windows 2000 and Windows XP, and W32/Klez-H will corrupt any installation of Sophos Anti-Virus it finds, so it must be removed with DOS SWEEP or SAV32CLI before installing a new version.
3) I have researched and found that http://www.sophos.com/security/analyses/viruses-and-spyware/w32klezh.html has the best Klez antivirus software because it is free, comes from a reliable source, and includes instructions on how to use it, information and much more.
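The sender spoofing described in answer 1 is why blocking the From address does not stop the worm. The following added example (not part of the original post) instead groups mail by the connecting IP that the receiving gateway stamps in its own Received header, and flags a host that sends under many different From addresses. The gateway name mx.example.org, the addresses and the sample messages are constructed assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

GATEWAY = "mx.example.org"  # assumption: hostname of our own receiving mail gateway
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def make(ip, sender):
    """Build one constructed sample message (not real traffic)."""
    return (f"Received: from host ([{ip}]) by {GATEWAY}; Tue, 1 Jan 2002 10:00:00 +0000\n"
            f"From: {sender}\nTo: victim@example.net\nSubject: Klez removal tool\n\nbody\n")

# Constructed samples: one host mails under three harvested From addresses,
# a second host sends a single ordinary message.
SAMPLES = [
    make("192.0.2.10", "alice@example.com"),
    make("192.0.2.10", "carol@example.com"),
    make("192.0.2.10", "dave@example.com"),
    make("198.51.100.7", "erin@example.org"),
]

def connecting_ip(msg):
    """Client IP from the Received header stamped by our gateway.
    Hops added by other servers are ignored because a sender can forge them."""
    for hop in msg.get_all("Received", []):
        if f"by {GATEWAY}" in hop:
            found = IP_RE.search(hop)
            return found.group(1) if found else None
    return None

def senders_by_host(raw_messages):
    """Map each connecting IP to the set of From addresses it used."""
    hosts = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        ip = connecting_ip(msg)
        if ip:
            hosts[ip].add(parseaddr(msg.get("From", ""))[1].lower())
    return dict(hosts)

def suspect_hosts(raw_messages, threshold=3):
    """Hosts seen with `threshold` or more distinct From addresses."""
    return {ip: sorted(addrs) for ip, addrs in senders_by_host(raw_messages).items()
            if len(addrs) >= threshold}

if __name__ == "__main__":
    print(suspect_hosts(SAMPLES))
```

A legitimate outbound relay also sends mail for many addresses, so known relays should be allow-listed before acting on the result.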
Wednesday, 16 September 2009