This was the message sent to all at our shop. We are a major utility company and we were hit today. Watch out for all unknown attachments.

Denis levitre

<<
> Microsoft Information Security Virus Warning (MSV99-001)
>
> Virus Name: ExploreZip.worm.pak (aliases: W32/ExploreZip.worm.pak, Worm.ExploreZip)
> Virus Type: Trojan Horse / Worm
>
> Summary:
> This virus is sent via e-mail as an attachment, once executed on a system, it deletes Office files and some programming files, and then mails itself to all users who have sent e-mail to the infected machine. This virus is a compressed version of the original Worm.ExploreZip and contains the same malicious payload.
>>

> -----Original Message-----
> From: Nugent, Richard
> Sent:
> Subject: VIRUS ALERT PLEASE READ IMMEDIATELY
> Importance: High
>
> Please read the following:
> This Virus is already hitting NSTAR, please do not click on any attachments named zipped_files.exe.
>
> There will be an updated DAT file for McAfee VirusScan sometime today 12/02.
> The helpdesk will notify all users when the updated file is available.
> Any questions please call the help desk on X2930.
>
> Payload Notice
> This worm has a dangerous payload. Immediately after execution it will search all available local drives from C: to Z: for the following files of extension: .c, .cpp, .h, .asm, .doc, .xls, or .ppt. When found, they are opened for write and immediately closed leaving them with a zero byte count. Approximately in 30 minute intervals, this payload is repeated.
> ***** These files with zero bytes are unrecoverable! *****
>
> Microsoft Information Security Virus Warning (MSV99-001)
>
> Virus Name: ExploreZip.worm.pak (aliases: W32/ExploreZip.worm.pak, Worm.ExploreZip)
> Virus Type: Trojan Horse / Worm
>
> Summary:
> This virus is sent via e-mail as an attachment, once executed on a system, it deletes Office files and some programming files, and then mails itself to all users who have sent e-mail to the infected machine. This virus is a compressed version of the original Worm.ExploreZip and contains the same malicious payload.
>
> Details:
> What Does The Virus Do?
> The worm propagates itself via e-mail. The worm e-mails itself out as an attachment with the filename "zipped_files.exe". The body of the e-mail message may appear to come from a known e-mail correspondent and contains the following text:
>
> I received your email and I shall send you a reply ASAP.
> Till then, take a look at the attached zipped docs.
>
> Once the attachment is executed, it will unpack itself and deliver its payload. It may display an error message informing the user that the file is not a valid archive. The worm proceeds to copy itself to the c:\windows\system directory with the filename "Explore.exe" and then modifies the WIN.INI file so that the program is executed each time Windows is started.
>
> How Do You Become Infected?
> By running the file that is attached to e-mail called zipped_files.exe.
>
> How Do You Know You Are Infected?
> If you have executed the attachment called zipped_files.exe then your machine has been infected.
>
> How Is The Virus Transmitted?
> The virus transmits itself automatically by sending itself as an attachment to anyone who sends e-mail to an infected machine.
>
> What Microsoft Operating Systems and Applications Are Affected?
> All Windows Operating Systems
>
> How Prevalent Is This Virus? (as reported by third-party anti-virus vendors)
> Extremely High
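A triage check for the indicators the alert lists (the two file names, the WIN.INI startup change, and zero-byte files with the targeted extensions), as an added example that is not part of the original message. The alert does not say which WIN.INI key is modified; the code assumes the standard `run=`/`load=` entries in the `[windows]` section, and the function names and sample WIN.INI are constructed for illustration.

```python
import os

ZEROED_EXTS = {".c", ".cpp", ".h", ".asm", ".doc", ".xls", ".ppt"}  # from the alert
WORM_NAMES = {"explore.exe", "zipped_files.exe"}                    # from the alert

def winini_autostart(text):
    """Return (key, command) pairs from run=/load= in the [windows] section."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key in ("run", "load"):  # assumed keys; the alert names none
                # Several programs may be listed, separated by spaces or commas.
                found += [(key, cmd) for cmd in value.replace(",", " ").split()]
    return found

def suspicious_autostart(text):
    """Autostart entries whose file name matches a name given in the alert."""
    return [(k, c) for k, c in winini_autostart(text)
            if c.replace("/", "\\").rsplit("\\", 1)[-1].lower() in WORM_NAMES]

def zeroed_files(root):
    """Zero-byte files under root with an extension the payload targets."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                if ext in ZEROED_EXTS and os.path.getsize(path) == 0:
                    hits.append(path)
            except OSError:
                continue  # unreadable entry: skip it, keep sweeping
    return sorted(hits)

# Constructed sample WIN.INI, not taken from an infected machine.
SAMPLE_WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\Explore.exe
NullPort=None
"""

if __name__ == "__main__":
    print(suspicious_autostart(SAMPLE_WIN_INI))
    print(zeroed_files("."))
```

A zero-byte file is not proof of infection on its own; the count is most useful compared against a backup listing or repeated over time, since the alert says the payload recurs at roughly 30 minute intervals.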
