Virus Alert!!! Zip file virus outbreak! 12/1/99
This question was answered on December 1, 1999. Much of the information contained herein may have changed since posting.
A potentially hazardous e-mail attachment virus has been found to be spreading quickly This is a variation of the previously discovered W32/ExploreZip.worm virus that we warned you of earlier this year It is particularly pervasive in corporate networks because of its method of spreading
WHO IS AT RISK?
Users of Microsoft's Outlook, Outlook Express and Exchange e-mail programs are in the highest risk group.
HOW DO I TELL IF I HAVE RECEIVED AN INFECTED MESSAGE (REPLY)?
Once it has infected a computer, it automatically responds to any message that the computer recieves by sending a reply that looks like this:
"I received your email and I shall send you a reply ASAP Till then, take a look at the attached zipped docs "
The subject line will just put the Re: statement in front of the original senders subject line, making it look like a reply to an earlier message The attached "worm" named "zipped_files.exe" has a file size of 120,495 bytes If Winzip is installed in the computer, the file has a Winzip icon which is designed to fool unsuspecting user into running it as a self-extracting file If you run this attachment a fake error message will appear that says:
"Cannot open file: it does not appear to be a valid archive If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again Please press F1 for help."
Once this has occurred, it will search all local drives for the following file types: .c, .cpp, .h, .asm, .doc, .xls, or .ppt (this includes Microsoft Word, Excel and Powerpoint documents.) When found, they are opened and immediately closed leaving them with a zero byte count Approximately 30 minutes after infection this process is repeated
What makes this virus particularly dangerous is that it can locate and infect system drives which are NOT mapped as network drives using functions from MPR.DLL and Network Neighborhood!
HOW DO I PROTECT MYSELF?
First and formost, do not open any attached files from anyone, even your friends and associates, unless you know exactly what it is Make sure your anti-virus program is up-to-date (You should be checking with the manufacturer web site at least once a month) If you need to purchase software, you can do so on-line at:
<a href="http://www.support4free.com/softgallery.cfm"><font color="#003399">http://www.support4free.com/softgallery.cfm
About the author
Posted by Ken Colburn of Data Doctors on December 1, 1999