ExploreZip virus hits Aust shores
- — 02 December, 1999 21:49
The new ExploreZip virus has infected several Australian companies. The virus hit Sabela Media and Ninemsn late yesterday, with both businesses reporting minimal damage. Many other companies, including KPMG, are also believed to have been infected.
Gour Lentell, executive chairman at Sabela, said ExploreZip had corrupted "some files" on the file server. "We're recovering that from the tape backup now," Lentell said.
Lentell said Sabela had received 10 more versions of the transmitting e-mail since the original infection.
Antivirus vendor Network Associates has logged more than 100 calls about the virus in the last 48 hours, sales support director Dean Stockwell said.
Stockwell called ExploreZip "the next Melissa", because of the rapid way it spreads. "It's a good thing that Melissa caught everyone off-guard, because this time it's pretty much been minimal damage," Stockwell said.
The Melissa virus e-mailed itself to recipients via a user's address book. That outbreak was sufficient warning to IT departments to upgrade their antivirus protection, which subsequently protected them from this outbreak, Stockwell said.
Dubbed MiniZip by some security vendors -- a reference to how the worm has been compressed -- this latest outbreak uses exactly the same technology as ExploreZip, the only difference being that it has been compressed in a format that masks it from security systems which scan incoming messages for attacks. While many antivirus applications now scan compressed files (and all scan for ExploreZip) the creator of MiniZip used a lesser-known shareware compression system called Neolite to render it invisible to anti-virus security systems.
Other than the compressed file format and the slightly different name of ExploreZip.worm.pak, the virus operates in the same way as before, infecting a machine, deleting files, and automatically sending infected responses to other users. It, too, affects systems running Microsoft Outlook, Outlook Express and Exchange.
Both versions send an automatic message with the text: "I received your email and I will send you a reply ASAP. Till then, take a look at the attached zipped docs." However, the attachment actually contains an executable file that infects the system, rather than documents.
Most antivirus vendors have posted fixes to their Web sites.