If you use Microsoft Outlook, Outlook Express, or Microsoft Exchange, be
aware of this and update your virus scanner's definition files.
>This is a verified virus (Worm, actually) alert. It was verified by
>Network Associates, makers of McAfee at
>http://www.avertlabs.com/public/datafiles/valerts/vinfo/va10185.asp and by
>Symantec's Antivirus Research Center (SARC) at
>http://www.symantec.com/avcenter/venc/data/worm.explore.zip.html
>
>Both of the above pages have excellent information on this Worm.
>
>
>NEW VIRUS ALERT!!! THIS IS NO JOKE!!
>
>IF YOU RECEIVE AN EMAIL WITH AN ATTACHMENT CALLED ZIPPED_FILES, DELETE IT
>IMMEDIATELY
>
>Information and a sample will look like this:
>
>Virus Alert: Win95.ZippedFiles (aka. Worm.ExploreZip)
>
>Name
>Win95.ZippedFiles (aka. Worm.ExploreZip)
>
>Symptoms
>The worm spreads as an attachment to an e-mail with the following message
>body:
>
>Hi <Name of Recipient>!,
>I received your email and I shall send you a reply ASAP.
>Till then, take a look at the attached zipped docs.
>bye
>
>Users receive this as a response to an e-mail they previously sent to a
>known account. The user’s name is usually in the first line and the subject
>line is random, but normally the same subject as a previously sent e-mail.
>
>The e-mail contains an attachment called "zipped_files.exe" which is
>210,432 bytes in size. The attachment displayed uses a WinZip icon shown
>above, disguising itself as a self-extracting file.
>
>The worm also copies itself to the Windows System (System32 on Windows NT)
>directory with the filename "Explore.exe", and modifies the WIN.INI file
>(Windows 9x) or the registry (on Windows NT). This results in the program
>being executed each time Windows is started.
>
>In addition, when Worm.ExploreZip is executed, it searches drives C through
>Z of your computer system and selects a series of files to destroy based on
>file extensions (including .h, .c, .cpp, .asm, .doc, .xls, .ppt) by calling
>CreateFile(), and making them 0 bytes long. You may notice extended hard
>drive activity when this occurs. This can result in non-recoverable data.
Mary Ellin D'Agostino, PhD, RPA
Post-Doctoral Fellow
Archaeological Research Facility
University of California
Berkeley, CA 94720-1076
Fax: 510-643-9637
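
The indicators quoted in the alert above (attachment name, attachment size, and the message body text) can be checked on stored or incoming mail. The following is an added example, not part of the forwarded alert or of either vendor's tooling; the function names, addresses, and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the alert above. Name and size are exact-match
# values, so treat a miss as "not this sample", never as "clean".
ATTACHMENT_NAME = "zipped_files.exe"
ATTACHMENT_SIZE = 210_432  # bytes
BODY_PHRASE = "take a look at the attached zipped docs"


def explorezip_indicators(raw):
    """Return the alert indicators matched by one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        # Collapse whitespace so re-wrapped text still matches.
        text = " ".join(body.get_content().lower().split())
        if BODY_PHRASE in text:
            hits.append("body-text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name != ATTACHMENT_NAME:
            continue
        hits.append("attachment-name")
        payload = part.get_payload(decode=True) or b""
        if len(payload) == ATTACHMENT_SIZE:
            hits.append("attachment-size")
    return hits


def build_sample(filename, size, text):
    """Constructed test message; the attachment is zero bytes, not malware."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "recipient@example.org"
    m["Subject"] = "Re: constructed subject"
    m.set_content(text)
    m.add_attachment(b"\0" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    alert_body = ("Hi Recipient!,\nI received your email and I shall send you "
                  "a reply ASAP.\nTill then, take a look at the attached "
                  "zipped docs.\nbye\n")
    print(explorezip_indicators(build_sample("ZIPPED_FILES.EXE", 210_432, alert_body)))
```
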