[MOL] [Fwd: Fw: [Zip World] Zip World Virus Alert] [00672] Medicine On Line

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MOL] [Fwd: Fw: [Zip World] Zip World Virus Alert]

In case you haven't already seen this. Just another reminder never to
open executable files unless you are absolutely sure where they came
Marianne (Mam)

---- Begin included message ----

> From: Zip World Administration <admin@zip.com.au>
> To: zipworld-customers@zip.com.au
> Subject: [Zip World] Zip World Virus Alert
> Date: Saturday, 12 June 1999 16:29
> Dear Zip World Customer,
> It has come to Zip World's attention that there is currently a
> malicious virus being spread across the Internet that affects
> Microsoft Windows users. Malicious in being able to remove files
> and altering win.ini settings.
> If you receive a message with an attachment, we recommend that
> you do not open it until you have contacted the sender to verify
> its content.  As usual, we recommend that you do not open
> attachments that you receive unless you know the sender.
> For more information about this virus please refer to the CNN
> article
> http://www.cnn.com/TECH/computing/9906/10/virus.idg/index.html
> displayed below for the convenience of those who do not have web
> browsing access.
> -- 
> --------------------      . .       
>                         .  zipworld
>                         .     .      web: www.zipworld.com.au | Internet
> Zip World Administration  . .        tel: +61.2.9253.5777     | Solutions
> admin@zipworld.com.au                fax: +61.2.9247.5276     |
> http://www.cnn.com/TECH/computing/9906/10/virus.idg/index.html
> 	       New Worm.ExplorerZip virus spreads over Net 
>                June 10, 1999
>                Web posted at: 4:31 p.m. EDT (2031 GMT)
>                by Matthew Nelson 
>                (IDG)  --  A  new  virus  or worm, with the same
>                modus operandi of the Melissa Virus, is current-
>                ly spreading across the Internet, deleting large
>                numbers of files and altering the  Win.ini  file
>                when users reboot.
>                Tentatively  called  the Worm.ExplorerZip virus,
>                it is propagating itself using the same  API  as
>                Melissa, and a message stating:
>                "Hi  [Name]  ! I received your email and I shall
>                send you a reply ASAP. Till then, take a look at
>                the attached zipped docs.  bye."
>                The  message  comes  along with a zip file named
>                Zip_files.exe, which if activated, will  show  a
>                fake error message to the user.
>                An  executable  file will then alter the Win.ini
>                file, instructing the client to run  an  explor-
>                er.exe  file  which is delivered by the virus in
>                place of the standard operating system when  the
>                user  reboots.  The worm then searches the local
>                file drive for  the  following  file  types  and
>                deletes  them:  .c,  .cpp, .asm, .doc, .sls, and
>                PowerPoint files.
>                "What it will do is it will search through the C
>                through  Z  drives  and select randomly a set of
>                files of varying extensions, and  then  it  will
>                zero  out  or  kill the contents of an arbitrary
>                extension of those files,"  said  Carey  Nachen-
>                berg, chief researcher at SARC, the Symantec An-
>                ti-virus  Research  Center,  in  Santa   Monica,
>                Calif.
>                The worm does not send itself to users on an ad-
>                dress book as Melissa did, but instead will mon-
>                itor  the inbox of an infected system for incom-
>                ing mail. Once a message is  received,  Worm.Ex-
>                plorerZip  will  then  send an auto-reply to the
>                sender of the message with the message above.
>                The Worm does not alter the subject line of  the
>                e-mail, as Melissa did, but simply responds with
>                the previous senders  subject  line,  making  it
>                difficult  to  recognize,  according  to Vincent
>                Gullatto, director of Avert  Labs,  for  Network
>                Associates in Beaverton, Ore.
>                Worm.ExplorerZip  is  similar  to  a  virus, but
>                technically a "worm" program, as it  delivers  a
>                payload  and  then  moves to another machine in-
>                stead of infecting an entire machine,  according
>                to Nachenberg.
>                "A  worm  is specifically designed to spread it-
>                self from one computer to another," said Nachen-
>                berg.   "It  will infect a computer once, deploy
>                its payload and then try to  move  on  to  other
>                computers."
>                SARC received a copy of the worm Sunday, June 6,
>                from a user in Israel and issued a  fix  to  its
>                special  service  users the same day. Symantec's
>                SARC made its Norton AntiVirus definitions  gen-
>                erally  available  for download Wednesday night,
>                according to Nachenberg.
>                Network Associates is also  issuing  updates  to
>                its McAfee Anti-Virus scan as well, according to
>                the company.
>                Users should always be  warned  about  launching
>                executables, according to Nachenberg.
>                "If people receive executables in the mail, they
>                should not run  them,"  Nachenberg  said.  "It's
>                very  dangerous to run executables, even if they
>                look cute."
>                Matthew Nelson is an InfoWorld senior writer.
---- End included message ----