[Date Prev][Date Next] [Chronological] [Thread] [Top]
"MEDIA RELEASE: New Variant of ExploreZip Worm Wreaks Havoc Across Corporate Networks"

To: sis@stat.unipg.it
Subject: "MEDIA RELEASE: New Variant of ExploreZip Worm Wreaks Havoc Across Corporate Networks"
From: Leona Bassein <bassein@orsola-malpighi.med.unibo.it>
Date: Wed, 01 Dec 1999 18:48:05
>Delivered-To: bassein@orsola-malpighi.med.unibo.it
>Mailing-List: contact
press-english-virus-announcement-help@lists.datafellows.com; run by ezmlm
>Delivered-To: mailing list
press-english-virus-announcement@lists.datafellows.com
>Delivered-To: moderator for
press-english-virus-announcement@lists.datafellows.com
>From: "Tammy Lam" <tammy.lam@datafellows.com>
>To: <press-english-technical@lists.datafellows.com>,
>	<press-english-interest@lists.datafellows.com>,
>	<press-pr@lists.datafellows.com>,
>	<press-english-virus-announcement@lists.datafellows.com>
>Subject: "MEDIA RELEASE: New Variant of ExploreZip Worm Wreaks Havoc
Across Corporate Networks"
>Date: Wed, 1 Dec 1999 13:45:44 +0200
>X-MSMail-Priority: Normal
>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
>Importance: Normal
>X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
>
>
>This press release comes from Data Fellows. For more
>information on Data Fellows' mailing list policy,
>see end of message.
>
>New Variant of ExploreZip Worm Wreaks Havoc Across Corporate Networks
>
>Espoo, Finland, December 1, 1999 - Data Fellows, a leading provider of
>centrally managed, widely distributed security solutions, today announced,
>that a new variation of the ExploreZip worm has been found and has already
>infected a number of Fortune 500 companies as well as a host of smaller
>companies during business day Tuesday in the US. This virus works like a
>chain letter and carries a destructive payload. So far, Data Fellows has
>received reports from the USA, Europe and Asia. The virus is likely to
>spread globally within hours.
>This virus is known as W32/ExploreZip.worm.pak. According to Data Fellows
>virus researchers, the original virus has been packed to reduce its file
>size to half. This made the new variant undetectable to most anti-virus
>programs, which has not been updated very recently.
>The virus itself arrives to a user via an e-mail attachment. When the
>attachment is opened, the virus will start to reply to e-mail messages,
>making it appear as if the user would have replied personally. In addition
>to this, once the virus infects one machine in a corporate network, it will
>start to look for other Windows workstations in the network. If another user
>has shared directories from his machine with others, the virus will try to
>infect this machine over the network.
>As a result, if a user called John Doe receives an e-mail from Jane Smith
>with the subject 'Please check these numbers', John's machine will
>automatically send a message which will look like this:
>
>  From: John Doe
>  To: Jane Smith
>  Subject: RE: Please check these numbers
>
>  Hi Jane
>
>  I have received your email and I shall send you a reply ASAP.
>  Till then take a look at the attached zipped docs.
>  Sincerely
>       John.
>
>  Attachment: zipped_files.exe
>
>The attachment looks like a WinZip archive file. When the receiver tries to
>unpack it by double-clicking it, he will get a WinZip error message
>complaining about a broken archive. In addition to spreading like a chain
>letter, the virus will try to overwrite the user's document files on any
>accessible drives, including all network drives. If the recipient is using
>an e-mail system other than Microsoft Outlook, ZippedFiles will not spread
>further. However, it will damage the recipient's files. ZippedFiles operates
>under the Windows 95, 98 and NT operating systems.
>"This seems to be spreading fast," Mikko Hypponen, Manager of Anti-Virus
>Research at Data Fellows Corporation, comments, "but not as fast Melissa.
>The key issue here is that messages sent by ZippedFiles are very credible -
>they are normal-looking replies to messages you have sent earlier. You're
>quite likely to trust these messages and open the attachment."
>Data Fellows already have detection and removal of this new variant worm
>with a special update that can be downloaded from:
>ftp (special update):
>ftp://ftp.europe.DataFellows.com/anti-virus/updates/avp/zipfiles.zip
>ftp (all updates including the special one):
>ftp://ftp.europe.DataFellows.com/anti-virus/updates/fsupdate.exe
>(all updates including the special one)
>http://www.europe.datafellows.com/download-purchase/updates.html
>
>About Data Fellows
>
>Data Fellows is a leading developer of centrally managed, widely distributed
>security solutions. The company offers a full range of award-winning,
>integrated anti-virus, file encryption and VPN solutions for workstations,
>servers and gateways. F-Secure products and Framework are uniquely suited
>for delivery of Security as a Service™ by enterprise IT departments as well
>as a wide range of partners including ISPs, outsourcing firms and ASPs. For
>the end-user, Security as a Service is invisible, automatic, reliable,
>always-on, and up-to-date. For the administrator, Security as a Service
>means policy-based management, instant alerts, and centralized management of
>a widely-distributed user base.
>
>Founded in 1988, Data Fellows is listed on the Helsinki Stock Exchange (HEX:
>FSC). The company is headquartered in Espoo, Finland with North American
>headquarters in San Jose, California, as well as offices in Canada, Germany,
>China, France, Japan and the United Kingdom. Data Fellows is supported by a
>network of VARs and Distributors in over 90 countries around the globe.
>
>For more information, please contact
>
>Finland:
>Data Fellows Corporation
>Mr. Mikko Hyppönen, Manager, Anti-Virus Research.
>PL 24
>FIN-02231 ESPOO
>Tel +358 9 8599 0513
>Fax +358 9 8599 0599
>E-mail: Mikko.Hypponen@DataFellows.com
>
>USA:
>Data Fellows Inc.
>Mr. Dan Takata, Manager, Training Division, Professional Services
>675 N. First Street, 8th Floor
>San Jose, CA 95112
>USA
>Tel. +1 408 938 6700,
>Fax  +1 408 938 6701
>http://www.DataFellows
>
>Mailing list policy
>
>You have previously expressed interest in our products, or have asked
>to be included on one of our press release lists by personally giving us
>your e-mail address for this purpose.Our mailing list are for the
>exclusive use and the expressed purpose of Data Fellows and are not
>sold or or given to third parties.
>
>If you no longer wish to receive our press releases, or your email address
>has been added to our lists without your consent, you can unsubscribe at
>http://www.DataFellows.com/news/subscribe.html
>
>If you only wish to receive our press releases concerning viruses,
>please go to
>http://www.DataFellows.com/news/subscribe.html
>and first unsubscribe from
>press-english-interest@lists.datafellows.com
>and then subscribe to
>press-english-virus-announcement@lists.datafellows.com______________________
>______________________
>
>Tammy Lam		      Tel:+358 9 8599 0573
>Marketing Coordinator	Fax:+358 9 8599 0599
>                        GSM:+358 40 570 6226
>
>Data Fellows Corporation http://www.DataFellows.com
>
>F-Secure products: Integrated Solutions for Enterprise Security
>____________________________________________
>
>
>
Prev by Date: Convegno Captor 2000 - Padova, 10-11 Febbraio 2000
Next by Date: Seminari
Index(es):
- Chronological
- Thread