TO: All Employees
FROM: Outlook/Exchange Product Manager
RE: Destructive Email Virus Alert
Destructive Email Virus: Do not open email file attachments titled:
"zipped_files.exe"
Please delete messages bearing this attachment!
4:15 AM, Pacific Daylight Time, June 10, 1999: The Virus Response Team
(VRT) reports that a destructive virus named "Worm.explore" is infecting
Microsoft Windows systems. This virus can affect desktops,
laptops, and network shares. If your system becomes infected, this virus
will permanently delete files on your system by changing the file size to 0
bytes. The virus is self-propagating via Outlook* email. Once an infected
zipped file attachment is opened, the virus sends the infected file out
through email, similar to the previous Melissa virus.
What you need to do
If you get an email message with an attachment named "zipped_files.exe" - DO
NOT RUN THIS PROGRAM. Press the SHIFT and DELETE keys at the same time to
permanently remove this message from the mail system. If you have received
this virus, you can further infect others via email. Please permanently
delete this file if you receive it.
How the virus infects systems
The virus-bearing message will arrive with an attachment with the filename
"zipped_files.exe". This file may be sent to you from a known email
correspondent. The body of the e-mail message may contain the following
text:
Hi Recipient Name!
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
bye
The virus will copy itself to the c:\windows\system directory with the
filename "Explore.exe" and then modifies the WIN.INI file so the program is
executed each time Windows is started. The virus utilizes your Outlook
e-mail to send the infected file as replies to any received messages in your
inbox. Your name will appear as the sender.
Detection and Cleaning
This is a new virus and there is no standard detection or cleaning solution
at the current time. Updates will be posted on Circuit as soon as they are
available.
Thank you for your cooperation during this virus incident.We will provide
frequent updates via Circuit as the situation evolves.
* Other names and brands are the property of their respective owners.
-- Watch Out (Alert@yahoo.com), June 10, 1999
Answers
McAfee is calling this the W32/ExploreZip.worm See the info posted
today at the McAfee site:
http://vil.mcafee.com/vi
l/vpe10183.asp
-- Arnie Rimmer (Arnie_Rimmer@usa.net), June 10, 1999.
My wife, who works for a defense contractor, contacted me today and
warned me not to open any mail sent from an "unknown" source, carrying
an attachment.
She indicated this virus is pretty destructive, erasing data and files
on Drive "C." Apparently it has done some damage where she is
employed.
Wit respect,
-- Dave Walden (wprop@concentric.net), June 10, 1999.
From AP wire
/cat:F/pri:U/sld:F/por:1/for:5/slu:AM-COMPUTERVIRUS 5thLd-Writethru 9----
@TEXT
AM-Computer Virus, 5th Ld-Writethru, f0363,0735
Outbreak of new e-mail computer virus reported
Eds: ADDS 3 graphs at bottom to explain how to avoid virus, bgng "Mark Zajicek... By BRUCE MEYERSON
AP Business Writer
NEW YORK (AP) � A new computer virus was spreading across the Internet Thursday, infecting machines by e-mail
like the recent Melissa virus � but causing more damage by ruining computer files.
Anti-virus teams in the government and at universities were trying to determine the severity of the outbreak of
"Worm.Explore.Zip," a virus that arrives by e-mail with an attached file that can infect a computer.
Numerous anti-virus software makers issued alerts on the Internet, with one saying the bug had spread to a dozen
countries. It wasn't clear how many computers or networks had been stricken so far.
General Electric temporarily shut down its e-mail system Thursday morning when the virus was detected in the
company's computer network. Microsoft cut off its corporate e-mail connection with the Internet for two hours as a
precaution.
Some firms saw major damage to computer files.
"We have the virus," said Rachel Albert, a spokeswoman at InterActive Public Relations of San Francisco. "It's terrible. A
lot of people lost everything they were working on."
Virus experts said the volume of calls reporting problems was substantially higher than normal.
"We've had 10 first-hand reports of sites that have been infected and a substantial numbers of second-hand reports,"
said Shawn Hernan, a team leader at the Computer Emergency Response Team at Carnegie Mellon University in Pittsburgh.
"Our belief right now is that it's spreading fairly quickly within a site but not as quickly from site to site," Hernan said,
noting that his team is working with an anti-virus group in the Department of Defense to contain the outbreak.
"We do know that some sites have taken their electronic mail systems off line to slow the spread of the infection."
Trend Micro, a maker of anti-virus software, said "five large customers with names you would know" reported Thursday
that their systems were infected. Trend Micro declined to name the companies affected.
Worm.Explore.Zip arrives with a friendly message: "Hi (Recipient Name)! I received your email and I shall send you a
reply ASAP. Till then, take a look at the attached zipped docs."
The virus actually isn't dangerous unless the computer opens the "zipped docs," a term referring to a compressed file
sent along with the e-mail. By opening that file, a computer user inadvertently activates the virus.
The virus then worms its way into the computer user's e-mail program and sends a copy of itself to the address of any
e-mail that subsequently arrives.
It also hunts through a computer's hard drive and deletes the information in files created by popular software, including
the word processor Microsoft Word and the spreadsheet program Microsoft Excel.
"The payload on this virus is more destructive than the Melissa payload was," said Bill Pollak, spokesman for the
Computer Emergency Response Team. But, he added, "It's too soon to be able to say" how much damage the virus has
caused.
The virus is the third to draw national attention since late March, when the Melissa virus overwhelmed computer
networks with floods of e-mail. A more damaging virus named Chernobyl struck in late April, but did most of its harm
overseas.
Worm.Explore.Zip did only marginal damage at General Electric because systems managers had been watching for the
virus after being alerted to it on Wednesday, said spokeswoman Pam Wickham.
"We had great containment because they spotted it coming into our corporate servers this morning," said Wickham.
"We had some minor (computer) disruptions today, but our systems have been up since mid-afternoon."
Mark Zajicek, member of the Computer Emergency Response Team technical staff at the Software Engineering Institute
at Carnegie Mellon University, said computer users should be cautious about any e-mail with an attachment.
"If they get this e-mail message or any e-mail with an attachment, do not open it," Zajicek said. "Don't click on it, don't run
it, don't execute it."
It is also a good idea for those who have PCs or Windows machines to install an anti-virus scanner program, he said.
AP-ES-06-11-99 0018EDT
�
-- fake (fake@out.com), June 11, 1999.
LOOK OUT FOR THE FOLLOWING VIRUSES...
LEWINSKY VIRUS: Sucks all the memory out of your computer, then
e-mails
everyone about what it did.
RONALD REAGAN VIRUS: Saves your data, but forgets where it is stored.
MIKE TYSON VIRUS: Quits after two bytes.
OPRAH WINFREY VIRUS: Your 300 MB hard drive suddenly shrinks to
100MB, then
slowly expands to 200 MB.
DR. JACK KEVORKIAN VIRUS: Deletes all old files.
TITANIC VIRUS (A strain of the Lewinsky virus): Your whole computer
goes down.
DISNEY VIRUS: Everything in your computer goes GOOFY.
PROZAC VIRUS: Screws up your RAM but your processor doesn't care.
ARNOLD SCHWARZENEGGER VIRUS: Terminates zome viles, leaves, but it
vill be
back.
LORENA BOBBIT VIRUS: Reformats your hard drive into a 3.5-inch floppy
then
discards it through Windows.
VIAGRA VIRUS: Makes a new hard drive out of an old floppy.
CLINTON VIRUS: Gives you a 7-inch hard drive with no memory.
````````````````````````````````````````````````````````````````````
-- o (o@o.o), June 11, 1999.
Moderation questions? read the FAQ