for once this is not another hoax (=fake virus warning) but dead serious
stuff...!!!!!!!!
Windows NTools E-NewsFlash[tm] Electronic Newsletter
Vol. 4, #38 - December 1, 1999
Published by sunbelt-software.com since 1996 - ISSN: 1527-3407
'Immediate Notification Of Important Windows NT/2000 Events'
******************* over 400,000 SUBSCRIBERS*****************
Hi All,
-------------------------------------------------------------
There is a new malicious strain out of the Explore.zip virus
-------------------------------------------------------------
Immediately WARN your troops NOT to open up any email that
starts with:
Hi <Recipient Name>!
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
Bye (This salutation messages changes and may be "Bye",
Sincerely" and "All")
Do this first. Then read more below, and check with your
vendor of virus software if they can protect you. I got
the following this morning from Trend Micro. (extract
follows)
--------------------------------------------------------
TROJ_EXPLOREZIP Is Back with a Twist
A variant of the autospam TROJ_EXPLOREZIP worm,
TROJ_EXPZIPWMPAK, is spreading quickly and damaging files
There is a newly discovered variant of the Trojan ExploreZip
worm that was originally discovered in June, 1999. This
variant, TROJ_EXPZIPWMPAK, is identical to the original
ExploreZip worm in that it is auto-spamming malicious code
that destroys data on the infected system. The only
significant difference between this variant of the worm
and the original is that TROJ_EXPZIPWMPAK is compressed
with a different type of compression format, thereby evading
protection for the previous worm. TROJ_EXPZIPWMPAK attacks
Windows 95, 98, and NT systems and has been detected at
several Fortune 500 customer sites in the United States.
TROJ_EXPZIPWMPAK emails itself out as an attachment under
the filename "zipped_files.exe". The subject line of the
email varies. The body of the email message may also contain
the following text:
Hi <Recipient Name>!
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
Bye (This salutation messages changes and may be "Bye",
Sincerely" and "All")
After a user clicks on the attachment, this destructive trojan
searches hard drives C: through Z:, selecting the Microsoft Word,
Excel and PowerPoint files as well as source code files used by
programmers including C++, C, and Assembler source files and
reduces their file size to zero, making the data unrecoverable.
When executed, TROJ_EXPZIPWMPAK utilizes MAPI enabled email
systems, to automatically reply to any subsequently received
email messages. The email reply will include the infected
attachment with the message shown above. It will use the
subject line of the received email when it replies.
"TROJ_EXPLOREZIP caused millions of dollars of damage worldwide
the first time since it overwrites files, instead of just deleting
them, it's particularly damaging.
That's all for now.
Take quick action!
Warm regards,
Stu
*******************Internet Email Confidentiality Footer*******************
Privileged/Confidential Information may be contained in this message. If you
are not the addressee indicated in this message (or responsible for delivery of
the message to such person), you may not copy or deliver this message to anyone.
In such case, you should destroy this message and kindly notify the sender by
reply email. Please advise immediately if you or your employer does not consent
to Internet email for messages of this kind. Opinions, conclusions and other
information in this message that do not relate to the official business of my
firm shall be understood as neither given nor endorsed by it.
-----------------------------------------------------------------
To stop getting this list send a message containing just the word
"unsubscribe" to [EMAIL PROTECTED]
