This story was printed from ZDNet Australia.
Aust corporates warned to be wary of new Klez worm

By Rachel Lebihan, ZDNet Australia
April 18, 2002
URL: http://www.zdnet.com.au/news/security/soa/Aust-corporates-warned-to-be-wary-of-new-Klez-worm/0,130061744,120264686,00.htm

Australia has yet to report any infections from the recent variant of the Klez worm (Klez.g) that began spreading in Asia last night, although anti-virus vendor Trend Micro has labelled it a corporate threat locally as it searches for shared networks to infect.

"We haven't seen any infections here in Australia yet, it's restricted to the Asia-Pacific region - Japan and Taiwan - and Germany and France," Trend Micro managed services architect Australia & New Zealand, Andrew Gordon, told ZDNet Australia.

Arriving via e-mail, Klez.g as usual attacks the recipient's personal address book, spamming back out to stored e-mail addresses. However, the worm is difficult to detect because it comes with random attachment names and subject lines.

"One bad thing is it doesn't always require the e-mail receiver to click on it," Gordon said, explaining that the automatic execution kicks in.

Upon execution, the worm copies a wink*.exe file into the Windows system directory and modifies the registry so that it executes its payload every time the system is rebooted. As with its predecessors, Klez.g attempts to unload running anti-virus software.

Of particular concern is the fact that the new variant releases a separate Trojan, Pe_elkern.d, which has network infection capabilities similar to Nimda. In other words, it starts looking for shared networks to infect whilst the initial virus is still spamming Internet users listed in the infected machine's e-mail address book.

"A very serious threat to the corporate environment," Gordon said.

"We're still classing it as a medium risk and we'll continue to do that today," Gordon said.