| Who we are | Organizations | Get Involved! | Helpdesk |
| Weblog | About FLORA | Server project | F.A.Q. |
|
|
|||||||
| ||||||||
Election 2006 (and beyond): Digital Copyright Canada
From: mcr_-at-_solidum.com (Michael Richardson)
Date: 11 Jun 1999 12:16:59 -0400
Return-Path: owner-poised@lists.tislabs.com
Return-Path: <owner-poised@lists.tislabs.com>
Errors-To: <owner-poised@lists.tislabs.com>
Message-ID: <376126E0.4145008D@iciiu.org>
Date: Fri, 11 Jun 1999 11:10:24 -0400
From: Michael Sondow <msondow@iciiu.org>
X-Mailer: Mozilla 4.03 [fr] (Win95; I)
MIME-Version: 1.0
To: IFWP <list@ifwp.org>, Domain Policy <domain-policy@lists.internic.net>,
ENREDO <enredo@reacciun.ve>,
POISSON list <poised@portal.gw.tislabs.com>
Subject: Virus Shuts Down Microsoft, Intel, Lucent, EMC, NBC, GE Mail
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-poised@lists.tislabs.com
Precedence: bulk
COMPUTERGRAM INTERNATIONAL: JUNE 11 1999
SECTION: INTERNET
Virus Shuts Down Microsoft, Intel, Lucent, EMC, NBC, GE Mail
By Rachel Chalmers
A virus that works like Melissa but seems far more virulent has
destroyed files and shut down mail servers at half a dozen or
more companies, including Microsoft, Intel, Lucent, EMC, NBC,
GE and anti-virus software vendor Symantec, embarrassingly
enough. Variously known as "ZippedFiles", "ExploreZip" and
"Worm.ExploreZip", the virus is actually a software worm. It
arrives as an email containing the message: "Hi [Recipient
Name]! I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs. Bye (or
Sincerely), Sender Name." As a prevention measure, anyone who
gets a message like this should delete it immediately, then
empty the deleted items file.
If run on a Windows 9x system, the attached file, called
zipped_files.exe, will copy itself to the Windows System
directory with the filename Explore.exe. The worm then modifies
the WIN.INI registry such that Explore.exe executes every time
the user starts Windows. It destroys any file with the
extension .h, .c, .cpp, .asm, .doc, .ppt or .xls on the system
hard drive or any mapped drives. These file extensions indicate
C++ and assembler source files, Word documents, PowerPoint
presentations and Excel spreadsheets. The worm also searches
through the C through Z drives of a computer system and selects
a series of files of any extension to make 0 bytes long,
effectively destroying those as well. ZippedFiles will infect
systems without email clients, though if a copy of Microsoft
Outlook is not available, it won't spread any further. Like
Melissa, however, the original email can propagate itself by
sending itself to the addresses in a Microsoft Outlook address
book.
San Jose, California-based Data Fellows Corp says the virus has
been reported from a dozen countries, including Germany,
Norway, Israel and the Czech Republic. "The key issue here is
that messages sent by ZippedFiles are very credible," said
Mikko Hypponen, manager of anti-virus research at Data Fellows.
"They are normal-looking replies to messages you have sent
earlier. You're quite likely to trust these messages and open
the attachment." Data Fellows says it has analyzed the virus
and prepared an update to detect and disinfect it.
Alternatively, Network Associates Inc suggests restarting an
infected computer in MS-DOS mode, editing the WIN.INI file to
remove the line run=C:\windows\system\explore.exe and deleting
the file c:\windows\system\explore.exe. It should then be safe
to restart the computer in Windows.
| Please read the FLORA.org Terms and Conditions before you submit information to FLORA.org | |
Join the Blue Ribbon Online Free Speech Campaign(USA) (Canada) |
 FLORA Community Web
(FLORA.ORG) is sponsored by FLORA
Community Consulting (FLORA.CA).
|