A new variant of the Klez virus has started spreading rapidly. This new variant is called Klez.H@mm and seems to be originating from Asia.

This new variant is spreading much faster than its predecessors and is both a companion virus and a worm. Klez.H@mm also drops a new virus on an infected machine, called Elkern.C.

It sends out e-mail spreading itself with random subjects and randomly named attachment. Klez.H@mm seem to be very similar to its predecessors with the exceptions that a .PDF ending has been added to the list it uses for making double extensions and that Klez.H has no payload routine itself.

Klez.H occasionally uses a social engineering trick that the other variants did not use. It then spreads through an e-mail message disguised as a cleaning tool for Klez.E. The subject line of these messages is 'Worm Klez.E immunity' and the body states that the attachment contains a special tool for defeating Klez.E. It even warns the recipient that some anti-virus products might trigger on the 'tool', but asks users to ignore the warning.

F-Prot Antivirus™ version 3.12 using virus signature files from the 17th of April detects Klez.H@mm.