[CH] New Email Worm

Tantrika (hummer13@earthlink.net)
Thu, 10 Jun 1999 14:52:23 -0700

Don't worry, I know the difference between a real virus and a hoax....this
is real.

A new e-mail worm spreading globally 
                                                                             

'ZippedFiles' or 'ExploreZip' spreads like Melissa 

Espoo, Finland, June 10, 1999 - A new e-mail worm has been found and is
spreading rapidly through the Internet. This virus works like a chain
letter and carries a destructive payload. So far, it has been reported from
a dozen countries, including USA, Germany, Norway, Israel and the Czech
Republic. The virus is expected to spread globally within hours. 

This virus is known as either 'ZippedFiles' or 'ExploreZip'. It arrives to
a user via an e-mail attachment. When the attachment is opened, the 
virus will browse through the inbox of the Microsoft Outlook e-mail program
and will send a reply to every message. 

As a result, if a user called John Doe has recently received an e-mail from
Jane Smith with the subject 'Please check these numbers', John's machine
will automatically send a message which will look like this: 

From: John Doe
To: Jane Smith
Subject: RE: Please check these numbers

Hi Jane

I have received your email and I shall send you a reply ASAP.
Till then take a look at the attached zipped docs.

Sincerely 

John.
                             
Attachment: zipped_files.exe

The attachment looks like a WinZip archive file. When the received tries to
unpack it by double-clicking it, he will get a WinZip error message
complaining about a broken archive: 

Cannot open file: it does not appear to be a valid archive.  If this file
is part of a ZIP format backup set, insert the last disk of the backup set
and try again. Please press F1 for help. WinZip error message 

In addition to spreading like a chain letter, the virus will try to
overwrite the user's files on any accessible drives, including all network
drives. The files that are overwritten must have one of these extensions: 

DOC - Microsoft Word documents 
XLS - Microsoft Excel spreadsheets
PPT - Microsoft PowerPoint presentations
ASM - Assembler source files
CPP - C++ source files

If the recipient is using an e-mail system other than Microsoft Outlook,
ZippedFiles will not spread further. However, it will damage the
recipient's files. ZippedFiles operates under the Windows 95, 98 and NT
operating systems. 


"This seems to be spreading fast," Mikko Hypponen, Manager of Anti-Virus
Research at Data Fellows Corporation, comments, "but not as fast Melissa.
The key issue here is that messages sent by ZippedFiles are very credible -
they are normal-looking replies to messages you have sent earlier. You're
quite likely to trust these messages and open the attachment." 

Data Fellows has analysed ZippedFiles and has provided an update to detect
and disinfect it. More technical information on the virus and
the update are both available from http://www.DataFellows.com or
http://www.europe.datafellows.com/v-descs/zipped.htm