Network administrators who struggled to clean up the mess left by Melissa now face another worm that can quickly clog their mail servers with large amounts of bogus e-mail - and delete user files.
The new worm, dubbed Worm.ExploreZip or TROJ_EXPLOREZIP, apparently only affects Windows machines running MAPI e-mail clients, such as Microsoft Outlook and combines the worst attributes of Melissa and the Happy99.exe file.
It spreads when unsuspecting users open a message, apparently from a correspondent they already know, and then click on an attachment. The message says "I received your e-mail and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs."
Launching the attachment sets up a monitoring application that responds to all incoming mail with this note and attachment. But unlike Melissa, which only existed to replicate, this worm copies itself to the user's system directory as explore.exe - so that it runs on every reboot - and scans the hard drive, rendering useless Microsoft Word, Excel and PowerPoint files, as well as C programs.
According to Trend Micro, it only affects users with a personal folder in their desktop mail clients; it does not run off shared Exchange servers.
One East Coast company effectively lost its network for more than 24 hours this week after administrators discovered the worm on their NT mail servers. Administrators not only shut down the mail servers but began a desktop-by-desktop search for the worm, according to one worker lucky enough to be able to shift his work to his home office - and his non-Microsoft mail client.
One consulting firm that relies heavily on e-mail to communicate with clients had to send out this note on Thursday: "About an hour ago, I opened an attachment contaminated with that virus and may have inadvertently sent it to you. The virus caused my e-mail system to automatically send messages."
RELATED LINKS
I-Worm.ZipExplore alert
Description of the worm from Panda Software.
TROJ_EXPLOREZIP
Overview from Trend Micro.
