New malicious worm spreads via e-mail
- — 10 June, 1999 21:49
A new malicious worm that can destroy files on a PC is circulating via e-mail, the Symantec Antivirus Research Centre (SARC) has warned today.
The Worm.ExploreZip was first discovered on June 6 and has been reported in countries around the world, SARC announced today in a virus alert.
The worm propagates itelf via MAPI capable e-mail programs, sending itself as an attachment with the file name "zipped_files.exe", according to SARC. The body of the e-mail contains the following text: "I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs."
"The worm then proceeds to copy itself to the c:\windows\system directory with the filename "Explore.exe" and then modifies the WIN.INI file, the program is executed each time Windows is started. The worm then utilises your e-mail client to harvest e-mail addresses in order to propagate itself. One may notice their e-mail client starts when this occurs."
When the worm is executed it also searches the drives of your computer system and destroys file by making them 0 bytes long, SARC said.
The centre has created a detection and repair patch which can be found at ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/.
For futher information visit SARC's Web site, http://www.sarc.com