
Fwd: *** MiniZip Virus Wreaks Havoc ***


On 01.12.1999 at 14:16 MJE2 <mark@NTSECURITY.NET> wrote:

>*** MiniZip Virus Wreaks Havoc ***
>Wednesday, December 01, 1999 - The ExplorerZip Worm is back in the news
>again. A new rendition of the dangerous virus has been discovered in the
>wild. The difference with the new version is that it is compressed,
>it to bypass detection routines that would normally capture and contain
>ExplorerZip. The new virus, ExplorerZipPack (or MiniZip) is very dangerous
>and spreading rapidly, and therefore should be guarded against
>According to Symantec's report, the virus can propagate itself very
>through email automatically and also via the network. When the email is
>sent, it will have the following email content.
>I received your email and I shall send
>you a reply ASAP.
>Till then, take a look at the attached
>zipped docs.
>It will also contain a file attachment (worm) named zipped_files.exe.
>According to the report, the worm has a very destructive payload and will
>destroy any file with a filename extension of: h, c, cpp, asm, doc, ppt,
>Once the attachment is executed, it will unpack itself and execute the
>original Worm.ExploreZip routine. It may display an error message
>the user that the file is not a valid archive.
>The worm proceeds to copy itself to the c:\windows\system directory with
>filename explore.exe and then modifies the WIN.INI file so that the
>is executed each time Windows is started. The worm then utilizes your
>client to harvest e-mail addresses in order to propagate itself. Users may
>notice that their e-mail client launches when this occurs.
>Keep in mind that you should NEVER open file attachments unless you're
>certain you know the contents, even when those files come from people you
>know. In cases where you are uncertain as to the payload of any given
>attachment, contact the mail sender requesting that information. If it
>cannot be provided, consider not opening the attachment until it has been
>inspected by a virus scanner using the latest virus signature updates.
>In cases where you are uncertain of an attachment's contents, it's
>best to wait a few days before you open the file or trust a virus scanner's
>results. The waiting period gives time for others who may have received
>same file attachment to report a virus infection and gives time for
>antivirus software vendors to create appropriate signature detection that
>you can then add to your own virus scanner.


Homepage: http://home.kamp.net/home/kai.raven/index.html
DH/DSS PGP-Key ID: 0xA0232531
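
The indicators named in the forwarded advisory (the attachment zipped_files.exe and an explore.exe autostart entry in WIN.INI) can be checked with a short script; this is an added example, not part of the original message or of Symantec's report. It assumes the entry sits under the `load=` or `run=` key of the `[windows]` section, which the advisory does not specify, and the sample mail and WIN.INI are constructed.

```python
import configparser
import email
from email import policy
from email.message import EmailMessage

ATTACHMENT_NAME = "zipped_files.exe"   # attachment name from the advisory
DROPPED_NAME = "explore.exe"           # dropped copy named in the advisory

def suspicious_attachments(raw_message):
    """Return attachment filenames in a raw message that match the advisory."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    names = [part.get_filename() or "" for part in msg.walk()]
    return [n for n in names if n.lower() == ATTACHMENT_NAME]

def winini_autostart_hits(winini_text):
    """Return (key, program) pairs in [windows] load=/run= whose file name is explore.exe."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, allow_no_value=True)
    cp.read_string(winini_text)
    hits = []
    for section in cp.sections():
        if section.lower() != "windows":
            continue
        for key in ("load", "run"):   # assumed keys, not stated in the advisory
            value = cp.get(section, key, fallback="") or ""
            # An entry may list several programs separated by spaces or commas.
            for prog in value.replace(",", " ").split():
                base = prog.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
                # Exact match on the base name: explorer.exe must not be flagged.
                if base.lower() == DROPPED_NAME:
                    hits.append((key, prog))
    return hits

def _build_sample_mail():
    m = EmailMessage()
    m["Subject"] = "Re: docs"
    m.set_content("constructed sample body")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=ATTACHMENT_NAME)
    return m.as_string()

SAMPLE_MAIL = _build_sample_mail()   # constructed sample
SAMPLE_WININI = r"""[windows]
load=
run=C:\WINDOWS\SYSTEM\Explore.exe C:\WINDOWS\explorer.exe

[Desktop]
Wallpaper=(None)
"""   # constructed sample

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE_MAIL))
    print(winini_autostart_hits(SAMPLE_WININI))
```

The file-name comparison is exact on the base name, so the legitimate explorer.exe on the same `run=` line is not reported.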