This time it's a virus warning which is not a joke - just ask the BBC
(no
email facilities for 2 days now), Sky (it trashed half their systems) or
half the banks - who aren't letting employees use mail programs at all.
> -----Original Message-----
> From: Nik Cuckson
> Sent: 10 June 1999 17:26
> To: All Oyster Employees
> Subject: FW: Warning! Worm virus being sent to
> ServletExec Interest list autho rs, don't open
> attachments like: zipped_files.exe
>
> Just received this mail from a list server ... this is a new
> virus ... beware of mail attachments... description of the
> virus is at the bottom of this message
>
> -----Original Message-----
> From: Craig J. Detter [SMTP:[log in to unmask]]
> Sent: Thursday, June 10, 1999 5:21 PM
> To: ServletExec-Interest ServletExec (E-mail)
> Subject: Warning! Worm virus being sent to ServletExec
> Interest list autho rs, don't open attachments like:
> zipped_files.exe
>
> I received two email messages today from someone in Europe
> the subject line
> came from a message I posted to the ServletExec Interest list.
>
> The description of this virus is:
> http://www.symantec.com/avcenter/venc/data/worm.explore.zip.html
>
> This is a description I pulled from Symantec:
>
> Worm.ExploreZip
>
> Virus Name: Worm.ExploreZip
> Infection Length: 210,432 bytes
> Area of Infection: C:\Windows\System\, Email Attachments
> Likelihood: Common
> Detected as of: June 6, 1999
> Characteristics: Worm, Trojan Horse
>
> <<...>>
> Description:
> Worm.ExploreZip is a worm that contains a malicious payload. The worm
> utilizes MAPI commands and Microsoft Outlook on Windows
> systems to propagate
> itself. The worm was first discovered in Israel and submitted to the
> Symantec AntiVirus Research Center on June 6, 1999.
> The worm e-mails itself out as an attachment with the filename
> "zipped_files.exe". The body of the e-mail message may appear
> to come from a
> known e-mail correspondent and contains the following text:
> Hi Receipient Name!
>
> I received your email and I shall send you a reply ASAP.
>
> Till then, take a look at the attached zipped docs.
>
> bye
> The worm determines whom to mail this message to by going through your
> received messages in your Inbox.
> Once the attachment is executed, it may display the following window:
> <<...>>
> The worm proceeds to copy itself to the c:\windows\system
> directory with the
> filename "Explore.exe" and then modifies the WIN.INI file so,
> the program is
> executed each time Windows is started. The worm then utilizes
> your e-mail
> client to harvest e-mail addresses in order to propagate
> itself. One may
> notice their e-mail client start when this occurs.
> <<...>>
> Payload:
> In addition, when Worm.ExploreZip is executed, it also
> searches through the
> C through Z drives of your computer system and selects a
> series of files of
> any file extension to destroy by making them 0 bytes long.
> This can result
> in non-recoverable data and/or computer system.
> <<...>>
> Repair Notes:
> To remove this worm, one should perform the following steps:
> Remove the line run=C:\WINDOWS\SYSTEM\Explore.exe from
> the WIN.INI
> file
> Delete the file "C:\WINDOWS\SYSTEM\EXPLORE.EXE". One may need to
> reboot first, if the file is currently in use.
> Norton AntiVirus users can protect themselves from this worm
> by downloading
> the current virus definitions either through LiveUpdate or from the
> following webpage:
> <http://www.symantec.com/avcenter/download.html>
> Write-up by: Eric Chien
> Update: June 9, 1999
>
>
> ------------------------ ServletExec-Interest ------------------------
> To unsubscribe, send email to [log in to unmask] and put the
> command "unsubscribe servletexec" in the body of the message.
>
> Archives: <http://www.egroups.com/group/servletexec/>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|