> From: Zip World Administration <firstname.lastname@example.org>
> To: email@example.com
> Subject: [Zip World] Zip World Virus Alert
> Date: Saturday, 12 June 1999 16:29
> Dear Zip World Customer,
> It has come to Zip World's attention that there is currently a
> malicious virus being spread across the Internet that affects
> Microsoft Windows users. Malicious in being able to remove files
> and altering win.ini settings.
> If you receive a message with an attachment, we recommend that
> you do not open it until you have contacted the sender to verify
> its content. As usual, we recommend that you do not open
> attachments that you receive unless you know the sender.
> For more information about this virus please refer to the CNN
> displayed below for the convenience of those who do not have web
> browsing access.
> -------------------- . .
> . zipworld
> . . web: www.zipworld.com.au | Internet
> Zip World Administration . . tel: +61.2.9253.5777 | Solutions
> firstname.lastname@example.org fax: +61.2.9247.5276 |
> New Worm.ExplorerZip virus spreads over Net
> June 10, 1999
> Web posted at: 4:31 p.m. EDT (2031 GMT)
> by Matthew Nelson
> (IDG) -- A new virus or worm, with the same
> modus operandi of the Melissa Virus, is current-
> ly spreading across the Internet, deleting large
> numbers of files and altering the Win.ini file
> when users reboot.
> Tentatively called the Worm.ExplorerZip virus,
> it is propagating itself using the same API as
> Melissa, and a message stating:
> "Hi [Name] ! I received your email and I shall
> send you a reply ASAP. Till then, take a look at
> the attached zipped docs. bye."
> The message comes along with a zip file named
> Zip_files.exe, which if activated, will show a
> fake error message to the user.
> An executable file will then alter the Win.ini
> file, instructing the client to run an explor-
> er.exe file which is delivered by the virus in
> place of the standard operating system when the
> user reboots. The worm then searches the local
> file drive for the following file types and
> deletes them: .c, .cpp, .asm, .doc, .sls, and
> PowerPoint files.
> "What it will do is it will search through the C
> through Z drives and select randomly a set of
> files of varying extensions, and then it will
> zero out or kill the contents of an arbitrary
> extension of those files," said Carey Nachen-
> berg, chief researcher at SARC, the Symantec An-
> ti-virus Research Center, in Santa Monica,
> The worm does not send itself to users on an ad-
> dress book as Melissa did, but instead will mon-
> itor the inbox of an infected system for incom-
> ing mail. Once a message is received, Worm.Ex-
> plorerZip will then send an auto-reply to the
> sender of the message with the message above.
> The Worm does not alter the subject line of the
> e-mail, as Melissa did, but simply responds with
> the previous senders subject line, making it
> difficult to recognize, according to Vincent
> Gullatto, director of Avert Labs, for Network
> Associates in Beaverton, Ore.
> Worm.ExplorerZip is similar to a virus, but
> technically a "worm" program, as it delivers a
> payload and then moves to another machine in-
> stead of infecting an entire machine, according
> to Nachenberg.
> "A worm is specifically designed to spread it-
> self from one computer to another," said Nachen-
> berg. "It will infect a computer once, deploy
> its payload and then try to move on to other
> SARC received a copy of the worm Sunday, June 6,
> from a user in Israel and issued a fix to its
> special service users the same day. Symantec's
> SARC made its Norton AntiVirus definitions gen-
> erally available for download Wednesday night,
> according to Nachenberg.
> Network Associates is also issuing updates to
> its McAfee Anti-Virus scan as well, according to
> the company.
> Users should always be warned about launching
> executables, according to Nachenberg.
> "If people receive executables in the mail, they
> should not run them," Nachenberg said. "It's
> very dangerous to run executables, even if they
> look cute."
> Matthew Nelson is an InfoWorld senior writer.