Just received the following message from another trader.
Before passing it on, I double checked the veracity of the warning over here....
stiller.com
The following is the text of the message.
=====================================================
This press release comes from Data Fellows. For more
information on Data Fellows' mailing list policy,
see end of message.
New Variant of ExploreZip Worm Wreaks Havoc Across Corporate Networks
Espoo, Finland, December 1, 1999 - Data Fellows, a leading provider
of
centrally managed, widely distributed security solutions, today
announced,
that a new variation of the ExploreZip worm has been found and has
already
infected a number of Fortune 500 companies as well as a host of
smaller
companies during business day Tuesday in the US. This virus works
like a
chain letter and carries a destructive payload. So far, Data Fellows
has
received reports from the USA, Europe and Asia. The virus is likely
to
spread globally within hours.
This virus is known as W32/ExploreZip.worm.pak. According to Data
Fellows
virus researchers, the original virus has been packed to reduce its
file
size to half. This made the new variant undetectable to most
anti-virus
programs, which has not been updated very recently.
The virus itself arrives to a user via an e-mail attachment. When the
attachment is opened, the virus will start to reply to e-mail
messages,
making it appear as if the user would have replied personally. In
addition
to this, once the virus infects one machine in a corporate network,
it will
start to look for other Windows workstations in the network. If
another user
has shared directories from his machine with others, the virus will
try to
infect this machine over the network.
As a result, if a user called John Doe receives an e-mail from Jane
Smith
with the subject 'Please check these numbers', John's machine will
automatically send a message which will look like this:
From: John Doe
To: Jane Smith
Subject: RE: Please check these numbers
Hi Jane
I have received your email and I shall send you a reply ASAP.
Till then take a look at the attached zipped docs.
Sincerely
John.
Attachment: zipped_files.exe
The attachment looks like a WinZip archive file. When the receiver
tries to
unpack it by double-clicking it, he will get a WinZip error message
complaining about a broken archive. In addition to spreading like a
chain
letter, the virus will try to overwrite the user's document files on
any
accessible drives, including all network drives. If the recipient is
using
an e-mail system other than Microsoft Outlook, ZippedFiles will not
spread
further. However, it will damage the recipient's files. ZippedFiles
operates
under the Windows 95, 98 and NT operating systems.
"This seems to be spreading fast," Mikko Hypponen, Manager of
Anti-Virus
Research at Data Fellows Corporation, comments, "but not as fast
Melissa.
The key issue here is that messages sent by ZippedFiles are very
credible -
they are normal-looking replies to messages you have sent earlier.
You're
quite likely to trust these messages and open the attachment."
Data Fellows already have detection and removal of this new variant
worm
with a special update that can be downloaded from:
ftp (special update):
ftp://ftp.europe.DataFellows.com/anti-virus/updates/avp/zipfiles.zip
ftp (all updates including the special one):
ftp://ftp.europe.DataFellows.com/anti-virus/updates/fsupdate.exe
(all updates including the special one)
europe.datafellows.com
About Data Fellows
Data Fellows is a leading developer of centrally managed, widely
distributed
security solutions. The company offers a full range of award-winning,
integrated anti-virus, file encryption and VPN solutions for
workstations,
servers and gateways. F-Secure products and Framework are uniquely
suited
for delivery of Security as a Serviceā¢ by enterprise IT departments
as well
as a wide range of partners including ISPs, outsourcing firms and
ASPs. For
the end-user, Security as a Service is invisible, automatic,
reliable,
always-on, and up-to-date. For the administrator, Security as a
Service
means policy-based management, instant alerts, and centralized
management of
a widely-distributed user base.
Founded in 1988, Data Fellows is listed on the Helsinki Stock
Exchange (HEX:
FSC). The company is headquartered in Espoo, Finland with North
American
headquarters in San Jose, California, as well as offices in Canada,
Germany,
China, France, Japan and the United Kingdom. Data Fellows is
supported by a
network of VARs and Distributors in over 90 countries around the
globe.
For more information, please contact
Finland:
Data Fellows Corporation
Mr. Mikko Hyppönen, Manager, Anti-Virus Research.
PL 24
FIN-02231 ESPOO
Tel +358 9 8599 0513
Fax +358 9 8599 0599
E-mail: Mikko.Hypponen@DataFellows.com
USA:
Data Fellows Inc.
Mr. Dan Takata, Manager, Training Division, Professional Services
675 N. First Street, 8th Floor
San Jose, CA 95112
USA
Tel. +1 408 938 6700,
Fax +1 408 938 6701
datafellows
Mailing list policy
You have previously expressed interest in our products, or have asked
to be included on one of our press release lists by personally giving
us
your e-mail address for this purpose.Our mailing list are for the
exclusive use and the expressed purpose of Data Fellows and are not
sold or or given to third parties.
If you no longer wish to receive our press releases, or your email
address
has been added to our lists without your consent, you can unsubscribe
at
datafellows.com
If you only wish to receive our press releases concerning viruses,
please go to
datafellows.com
and first unsubscribe from
press-english-interest@lists.datafellows.com
and then subscribe to
press-english-virus-announcement@lists.datafellows.com______________________
______________________
Tammy Lam Tel:+358 9 8599 0573
Marketing Coordinator Fax:+358 9 8599 0599
GSM:+358 40 570 6226
Data Fellows Corporation datafellows.com
F-Secure products: Integrated Solutions for Enterprise Security
____________________________________________ |
