News

New Strain of Virus Detected

A new variant of the Trojan ExploreZip virus was discovered today. Fixes have been posted on the sites of the three main anti-virus companies, Trend Micro (www.antivirus.com), Symantec (www.symantec.com), and Network Associates Inc. (www.nai.com). The variant, known as TROJ_EXPZIPWMPAK, is identical to the original ExploreZip worm in that it is auto-spamming malicious code that destroys data on the infected system. The only significant difference between this variant of the worm and the original is that the variant is compressed with a different type of compression format, thereby evading standard anti-virus software and protection for the original worm. TROJ_EXPZIPWMPAK attacks Windows 95, 98, and NT systems.

Finjan Software (www.finjan.com) claims that its First-Strike Security software blocks the worm before it has a chance to evade traditional anti-virus software.

TROJ_EXPZIPWMPAK e-mails itself out as an attachment under the filename "zipped_files.exe." The subject line of the e-mail varies. The body of the e-mail message occasionally contains the following text:

Hi <Recipient Name>!
I received your email and I shall send you a
reply ASAP.
Till then, take a look at the attached zipped
docs.
Bye (This salutation varies between Bye, Sincerely, and All)

After a user clicks on the attachment, the variant searches hard drives C: through Z:, selecting the Microsoft Word, Excel, and PowerPoint files as well as source code files used by programmers including C++, C, and Assembler sources files, and reduces their file size to zero, making the data unrecoverable. When executed, TROJ_EXPZIPWMPAK utilizes MAPI-enabled e-mail systems to automatically reply to any subsequently received e-mail messages. The e-mail reply will include the infected attachment with the message shown above. It will use the subject line of the received e-mail when it replies.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Azure Networking Enhancements Announced at Ignite

    Azure networking improvements were announced by Microsoft as part of its Ignite Conference.

  • How To Reclaim Your Privacy from Windows 10, Part 2

    These are the top four privacy settings to check in your Windows device to make sure Microsoft doesn't collect any data you don't want it to.

  • Microsoft Releases Out-of-Band Security Patches for Exchange Server

    Microsoft on Tuesday released out-of-band security patches for Exchange Server to address multiple zero-day flaws that are currently being exploited in active attacks.

  • Microsoft Mesh for Building Mixed Reality Apps Highlighted at Ignite

    The Microsoft Ignite Day 1 keynote presentations were heavy with talk about Microsoft Mesh, a new Microsoft Azure-based platform for building "cross-platform mixed reality apps" for multiple participants.

comments powered by Disqus