Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Fugitive spam king dead in apparent murder-suicide
VPNs: Six burning questions
UPDATE: Microsoft exec leaving to become Juniper CEO
Parts of San Francisco network still locked out
Cisco to buy home-network software vendor
Attack code released for new DNS attack
Start-up led by Sun veterans readies data access for Web 2.0 world
Broadband to reach 77% of U.S. households by 2012, Gartner says
Ballmer: Microsoft ready to claim title as top enterprise software vendor
Big Brother's new software
Iron Mountain talks off-site storage, including in caves
Microsoft's VMM coming in September, exec says
Microsoft wants to steal five million Notes customers
Juniper hitting on all cylinders
WLAN design tool now works with 11n access points
/

Antivirus software vendors raise red flag on new versions of ExploreZip and Melissa

Today's breaking news
Send to a friendFeedback

Advertisement:

By Ellen Messmer
Network World Fusion, 12/01/99

They're ba-a-a-a-ack! Get ready for another assault from the e-mail-borne viruses ExploreZip and Melissa. These viruses have just re-appeared in a new morphed state to destroy their victims' data files.

The ExploreZip worm, you may recall from last June, can spread on Windows 95, 98 and NT computers using Microsoft Outlook, Outlook Express and Exchange e-mail. Its lethal payload is an attached "zip" file that the victim is urged to open. Once he does, he can kiss the data stored in his C drive source files, Word or Excel documents good-bye forever.

The new variant striking this week, called W32/ExploreZip.worm.pak or simply the "MiniZip virus," works exactly the same way. In fact, it is the exact same computer virus, treated to a data compression method. This compression reduces the virus to 128K bytes instead of 240K bytes, virus experts say. That means the antivirus software that does protect against the original ExploreZip may not spot this week's compressed MiniZip.

But some packages apparently will. "Our Norton antivirus software uses a heuristics methods that will allow it to detect and eradicate MiniZip," says Vincent Weafer, director of Symantec's Antivirus Research Center.

Computer users should check with their antivirus software vendors to make sure the defenses they are using have been properly updated to spot MiniZip. The vendors have this information readily available on their Web sites.

The second menace identified this week is a variant of the famed Melissa macrovirus which clogged corporate e-mail servers last March because it propagated so rapidly across the Internet. This version is in Spanish, Weafer says. "We originally spotted it coming out of Europe," he adds.

Like its predecessor, the new Melissa.AA doesn't carry a baneful payload of destruction when the unwary victim opens the attachment that the e-mail bears. But the virus does spread quickly - it grabs 100 addresses from the victim's Outlook directory and mails itself off. The original Melissa only grabbed 50. In the course of this happening, confidential documents can get mailed off the desktop of the unwitting as well.

Both Melissa viruses can replace any highlighted text in an open Word document with a space character. And these macroviruses might mail off confidential documents from the desktops of their victims.

Once again, antivirus software users should check with their vendors to be sure updates against the old Melissa will also protect against the new one.

Antivirus software vendor Network Associates emphasized it is critical for users to get the upgrade to NAI's Total Virus Defense products in order to combat the MiniZip virus. That can be done by going to www.nai.com.

"Over thirty companies are reporting MiniZip attacks to us," NAI Product Manager Sal Viveros says. "Thousands of systems are being hit."

RELATED LINKS

Contact Senior Editor Ellen Messmer

Other recent articles by Messmer

Feedback
Tell us your thoughts on this article or the issues it raises.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.