ExploreZip Worm Hits The Net Again

A variant of the notorious ExploreZip worm hit the Internet this week, infecting corporate systems and threatening holiday shoppers who are moving online for a record e-commerce shopping season.

Symantec Corp. (Nasdaq: SYMC), and other utility software vendors such as Trend Micro, Inc. (Nasdaq: TMIC) and Central Command, Inc., have issued warnings about W32/ExploreZip.worm.pak. Users of Windows 95, 98 and NT computers that are running Microsoft Outlook, Outlook Express and Exchange e-mail programs should beware.

“This worm, when activated, will search for and destroy Word documents, Excel spreadsheets, PowerPoint presentations and source code files for Assembler, C and C++ on all hard drives from C to Z,” commented Keith Peer, President of Central Command.

W32/ExploreZip.worm.pak, which uses a file compression tool to conceal its presence from anti-virus programs that operate with older settings, will attempt to send itself out to the first 100 people in the Outlook address book. According to Trend Micro, contaminated data in a user’s system will be unrecoverable.

An infected message will explain to users, “I received your e-mail and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs.”

A Slimy Opportunity

When the original ExploreZip worm slithered its way online, e-commerce sites such as Beyond.com and Staples.com saw opportunity written all over it.

While the media picked up the trail of the worm, and companies were busy shutting down their e-mail systems, Beyond.Com posted fix-related links at its online Anti-Virus Center.

Despite numerous warnings, ExploreZip spread rapidly over the Internet. Industry heavyweights such as Compaq, General Electric and Microsoft were reportedly hit.

Reformatted Without a Kiss Under The Mistletoe

As the holiday e-shopping season opened recently, anti-virus researchers warned of another computer virus threat — a Melissa variant that could deliver a malicious payload present to users on December 25th.

The virus, known as W97M.Prilissa.A, or simply Prilissa, infects users of Windows 95 or 98 by way of an e-mail attachment. Prilissa, like the new ExploreZip, is then sent out to the first 100 e-mail addresses in the infected user’s address book, with the message “this document is very Important and you’ve GOT to read this!!!”

“Both of these computer worms are capable of spreading rapidly through e-mail,” stated Vincent Weafer, director of the Symantec AntiVirus Research Center. “Additionally, W32/ExploreZip.worm.pak has the potential to cause serious damage.”

“We urge users to update their anti-virus definitions immediately and to continue to keep their definitions up to date to ensure that their critical data remains protected,” added Weafer.