Jesse Berst: Devastating email worm on the loose
Published: 11 Jun 1999 08:13 BST
And very dangerous. Worm.ExploreZip is a virus capable of destroying data. It enters your system through email. If you don't catch it, it may destroy crucial files on your system.
Experts aren't sure how far Worm.ExploreZip has spread, but email systems at Microsoft, Intel, Symantec, NBC and General Electric were hit so hard that some had to shut down mail servers. That kind of malicious power should not be ignored. By the time you read this, millions more computers could be overwhelmed. Here's what to do right now:
- Know the worm's habits
- Sanitize your system and your company
- Be prepared for the next one
You're a target if you use: ·
- Microsoft Windows 95, 98 or NT ·
- Microsoft Outlook or Microsoft Exchange for email
The worm -- first discovered in Israel -- enters as an email attachment with the name "zipped_files.exe." Its deceptively friendly message reads: Hi "name of recipient"! I received your e-mail and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Bye. Experts say you should delete it without opening it, and then empty the deleted items file. If it executes, the worm copies itself to the windows system directory with the filename "Explore.exe" and then modifies the WIN.INI file so the program executes each time Windows starts.
It then uses the infected computer's email client to harvest email addresses in order to propagate itself. But behind the scenes, it plays real mean: searching C through Z drives and selecting crucial file extensions and rendering them useless by making them 0 bytes long. Result: Non-recoverable data or computer system failure.
To sanitise your system, you need to mount a full-scale assault.
Waste no time.
Did you find this article useful?
24 out of 74 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
