News

New Strain of Virus Detected

A new variant of the Trojan ExploreZip virus was discovered today. Fixes have been posted on the sites of the three main anti-virus companies, Trend Micro (www.antivirus.com), Symantec (www.symantec.com), and Network Associates Inc. (www.nai.com). The variant, known as TROJ_EXPZIPWMPAK, is identical to the original ExploreZip worm in that it is auto-spamming malicious code that destroys data on the infected system. The only significant difference between this variant of the worm and the original is that the variant is compressed with a different type of compression format, thereby evading standard anti-virus software and protection for the original worm. TROJ_EXPZIPWMPAK attacks Windows 95, 98, and NT systems.

Finjan Software (www.finjan.com) claims that its First-Strike Security software blocks the worm before it has a chance to evade traditional anti-virus software.

TROJ_EXPZIPWMPAK e-mails itself out as an attachment under the filename "zipped_files.exe." The subject line of the e-mail varies. The body of the e-mail message occasionally contains the following text:

Hi <Recipient Name>!
I received your email and I shall send you a
reply ASAP.
Till then, take a look at the attached zipped
docs.
Bye (This salutation varies between Bye, Sincerely, and All)

After a user clicks on the attachment, the variant searches hard drives C: through Z:, selecting the Microsoft Word, Excel, and PowerPoint files as well as source code files used by programmers including C++, C, and Assembler sources files, and reduces their file size to zero, making the data unrecoverable. When executed, TROJ_EXPZIPWMPAK utilizes MAPI-enabled e-mail systems to automatically reply to any subsequently received e-mail messages. The e-mail reply will include the infected attachment with the message shown above. It will use the subject line of the received e-mail when it replies.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Expands Azure AD Password Lengths, Adds Conditional Access Controls

    Microsoft announced a couple of Azure Active Directory enhancements this week regarding password lengths and new conditional access controls for IT pros.

  • Attack Surface Analyzer 2.0 Available for Checking Software Installs

    Microsoft this week described Attack Surface Analyzer 2.0, an updated tool for checking software installations that's now built using open source code.

  • What Causes Hyper-V Replication Failures?

    Hyper-V replication failures happen rarely, but their impact can be catastrophic when they do. Know the scenarios that are likely to trigger a replication failure.

  • Microsoft Touts Using HyperClear To Address Intel Processor Woes

    Microsoft is again promoting its HyperClear Hyper-V hypervisor technology as a potential balm for organizations trying to come to grips with Intel's latest speculative execution side-channel attack disclosures.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.