
Fwd: *** MiniZip Virus Wreaks Havoc ***




-----BEGIN FORWARDED MESSAGE-----

On 01.12.1999 at 14:16 MJE2 <mark@NTSECURITY.NET> wrote:

>*** MiniZip Virus Wreaks Havoc ***
>
>Wednesday, December 01, 1999 - The ExplorerZip Worm is back in the news
>again. A new rendition of the dangerous virus has been discovered in the
>wild. The difference with the new version is that it is compressed,
>allowing it to bypass detection routines that would normally capture and
>contain ExplorerZip. The new virus, ExplorerZipPack (or MiniZip) is very
>dangerous and spreading rapidly, and therefore should be guarded against
>immediately.
>
>According to Symantec's report, the virus can propagate itself very
>quickly through email automatically and also via the network. When the
>email is sent, it will have the following email content.
>
>I received your email and I shall send
>you a reply ASAP.
>Till then, take a look at the attached
>zipped docs.
>
>It will also contain a file attachment (worm) named zipped_files.exe.
>According to the report, the worm has a very destructive payload and will
>destroy any file with a filename extension of: h, c, cpp, asm, doc, ppt,
>or xls.
>
>Once the attachment is executed, it will unpack itself and execute the
>original Worm.ExploreZip routine. It may display an error message
>informing the user that the file is not a valid archive.
>
>The worm proceeds to copy itself to the c:\windows\system directory with
>the filename explore.exe and then modifies the WIN.INI file so that the
>program is executed each time Windows is started. The worm then utilizes
>your e-mail client to harvest e-mail addresses in order to propagate
>itself. Users may notice that their e-mail client launches when this
>occurs.
>
>Keep in mind that you should NEVER open file attachments unless you're
>certain you know the contents, even when those files come from people you
>know. In cases where you are uncertain as to the payload of any given
>attachment, contact the mail sender requesting that information. If it
>cannot be provided, consider not opening the attachment until it has been
>inspected by a virus scanner using the latest virus signature updates.
>
>In cases where you are uncertain of an attachment's contents, it's
>probably best to wait a few days before you open the file or trust a
>virus scanner's results. The waiting period gives time for others who may
>have received the same file attachment to report a virus infection and
>gives time for antivirus software vendors to create appropriate signature
>detection that you can then add to your own virus scanner.
>
>http://www.symantec.com/avcenter/venc/data/worm.explorezip.pack.html
>
>

----- END FORWARDED MESSAGE-----
-- 

Homepage: http://home.kamp.net/home/kai.raven/index.html
DH/DSS PGP-Key ID: 0xA0232531
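
A check for the WIN.INI persistence and the attachment name described in the forwarded advisory, as an added example that is not part of the original message or of Symantec's report. It assumes the startup entry sits under the standard `run=` or `load=` keys of the `[windows]` section (the advisory does not name the key); the function names and the sample WIN.INI content are constructed for illustration.

```python
import ntpath

# Names taken from the advisory: the worm's dropped copy and its mail attachment.
DROPPED_NAME = "explore.exe"
ATTACHMENT_NAME = "zipped_files.exe"
AUTOSTART_KEYS = ("run", "load")  # assumption: standard WIN.INI autostart keys


def autostart_entries(win_ini_text):
    """Return (key, program) pairs from the [windows] section of WIN.INI."""
    entries, section = [], None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in AUTOSTART_KEYS:
            # A value may list several programs separated by spaces or commas.
            for prog in value.replace(",", " ").split():
                entries.append((key, prog))
    return entries


def suspicious_entries(win_ini_text):
    """Flag autostart programs whose file name is exactly the dropped copy's."""
    return [(k, p) for k, p in autostart_entries(win_ini_text)
            if ntpath.basename(p).lower() == DROPPED_NAME]


def is_worm_attachment(filename):
    """True if an attachment carries the file name given in the advisory."""
    return ntpath.basename(filename).strip().lower() == ATTACHMENT_NAME


# Constructed sample WIN.INI content, not taken from an infected machine.
SAMPLE = """[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\Explore.exe
NullPort=None
[Desktop]
run=explore.exe
"""

if __name__ == "__main__":
    for key, prog in suspicious_entries(SAMPLE):
        print(f"WIN.INI [windows] {key}= starts {prog}")
```

The match is on the exact file name, so the legitimate Windows shell `explorer.exe` is not flagged.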