News

New Strain of Virus Detected

A new variant of the Trojan ExploreZip virus was discovered today. Fixes have been posted on the sites of the three main anti-virus companies, Trend Micro (www.antivirus.com), Symantec (www.symantec.com), and Network Associates Inc. (www.nai.com). The variant, known as TROJ_EXPZIPWMPAK, is identical to the original ExploreZip worm in that it is auto-spamming malicious code that destroys data on the infected system. The only significant difference between this variant of the worm and the original is that the variant is compressed with a different type of compression format, thereby evading standard anti-virus software and protection for the original worm. TROJ_EXPZIPWMPAK attacks Windows 95, 98, and NT systems.

Finjan Software (www.finjan.com) claims that its First-Strike Security software blocks the worm before it has a chance to evade traditional anti-virus software.

TROJ_EXPZIPWMPAK e-mails itself out as an attachment under the filename "zipped_files.exe." The subject line of the e-mail varies. The body of the e-mail message occasionally contains the following text:

Hi <Recipient Name>!
I received your email and I shall send you a
reply ASAP.
Till then, take a look at the attached zipped
docs.
Bye (This salutation varies between Bye, Sincerely, and All)

After a user clicks on the attachment, the variant searches hard drives C: through Z:, selecting the Microsoft Word, Excel, and PowerPoint files as well as source code files used by programmers including C++, C, and Assembler sources files, and reduces their file size to zero, making the data unrecoverable. When executed, TROJ_EXPZIPWMPAK utilizes MAPI-enabled e-mail systems to automatically reply to any subsequently received e-mail messages. The e-mail reply will include the infected attachment with the message shown above. It will use the subject line of the received e-mail when it replies.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Previews Windows VM Authentications via Azure Active Directory

    Microsoft on Thursday announced a preview of remote authentications into Windows-based Azure virtual machines (VMs) using Azure AD credentials.

  • Windows Server 20H1 Getting Smaller Containers and Faster PowerShell

    Microsoft is promising to deliver a smaller container size and improved PowerShell performance with its next release of Windows Server.

  • Microsoft Previews Microsoft Teams for Linux

    Microsoft on Tuesday announced a "limited preview" release of Microsoft Teams for certain Linux desktop operating systems.

  • Hyper-V Architecture: Some Clarifications

    Brien answers two thought-provoking reader questions. First, do Hyper-V VMs have direct hardware access? And second, how is it possible to monitor VM resource consumption from the host operating system?

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.