Peter Ferrie
Virus Bulletin, August 2002, pp.8-9
ISSN 0956-9979
August 2002
Download PDF (40.69Kb) (You need to be registered on forum)W32/Elkern could be considered the `little brother' of W32/Klez. Even though Klez carries the Elkern virus and runs it on the machines that Klez infects, it is Klez that has received all the attention. Little mention is ever made of Elkern, and some of the details of its behaviour have remained unexplained. They are described here.
There are three variants of Elkern. The first, which is 3326 bytes long, is carried by Klez variants A to D, F and G; the second Elkern variant, which is 3587 bytes long, is carried by Klez.E, and the third, which is 4926 bytes long, is carried by Klez variants H to L.