|
PureBytes Links
Trading Reference Links
|
This press release comes from Data Fellows. For more
information on Data Fellows' mailing list policy,
see end of message.
New Variant of ExploreZip Worm Wreaks Havoc Across Corporate Networks
Espoo, Finland, December 1, 1999 - Data Fellows, a leading provider of
centrally managed, widely distributed security solutions, today announced,
that a new variation of the ExploreZip worm has been found and has already
infected a number of Fortune 500 companies as well as a host of smaller
companies during business day Tuesday in the US. This virus works like a
chain letter and carries a destructive payload. So far, Data Fellows has
received reports from the USA, Europe and Asia. The virus is likely to
spread globally within hours.
This virus is known as W32/ExploreZip.worm.pak. According to Data Fellows
virus researchers, the original virus has been packed to reduce its file
size to half. This made the new variant undetectable to most anti-virus
programs, which has not been updated very recently.
The virus itself arrives to a user via an e-mail attachment. When the
attachment is opened, the virus will start to reply to e-mail messages,
making it appear as if the user would have replied personally. In addition
to this, once the virus infects one machine in a corporate network, it will
start to look for other Windows workstations in the network. If another user
has shared directories from his machine with others, the virus will try to
infect this machine over the network.
As a result, if a user called John Doe receives an e-mail from Jane Smith
with the subject 'Please check these numbers', John's machine will
automatically send a message which will look like this:
From: John Doe
To: Jane Smith
Subject: RE: Please check these numbers
Hi Jane
I have received your email and I shall send you a reply ASAP.
Till then take a look at the attached zipped docs.
Sincerely
John.
Attachment: zipped_files.exe
The attachment looks like a WinZip archive file. When the receiver tries to
unpack it by double-clicking it, he will get a WinZip error message
complaining about a broken archive. In addition to spreading like a chain
letter, the virus will try to overwrite the user's document files on any
accessible drives, including all network drives. If the recipient is using
an e-mail system other than Microsoft Outlook, ZippedFiles will not spread
further. However, it will damage the recipient's files. ZippedFiles operates
under the Windows 95, 98 and NT operating systems.
"This seems to be spreading fast," Mikko Hypponen, Manager of Anti-Virus
Research at Data Fellows Corporation, comments, "but not as fast Melissa.
The key issue here is that messages sent by ZippedFiles are very credible -
they are normal-looking replies to messages you have sent earlier. You're
quite likely to trust these messages and open the attachment."
Data Fellows already have detection and removal of this new variant worm
with a special update that can be downloaded from:
ftp (special update):
ftp://ftp.europe.DataFellows.com/anti-virus/updates/avp/zipfiles.zip
ftp (all updates including the special one):
ftp://ftp.europe.DataFellows.com/anti-virus/updates/fsupdate.exe
(all updates including the special one)
http://www.europe.datafellows.com/download-purchase/updates.html
About Data Fellows
Data Fellows is a leading developer of centrally managed, widely distributed
security solutions. The company offers a full range of award-winning,
integrated anti-virus, file encryption and VPN solutions for workstations,
servers and gateways. F-Secure products and Framework are uniquely suited
for delivery of Security as a Service™ by enterprise IT departments as well
as a wide range of partners including ISPs, outsourcing firms and ASPs. For
the end-user, Security as a Service is invisible, automatic, reliable,
always-on, and up-to-date. For the administrator, Security as a Service
means policy-based management, instant alerts, and centralized management of
a widely-distributed user base.
Founded in 1988, Data Fellows is listed on the Helsinki Stock Exchange (HEX:
FSC). The company is headquartered in Espoo, Finland with North American
headquarters in San Jose, California, as well as offices in Canada, Germany,
China, France, Japan and the United Kingdom. Data Fellows is supported by a
network of VARs and Distributors in over 90 countries around the globe.
For more information, please contact
Finland:
Data Fellows Corporation
Mr. Mikko Hyppönen, Manager, Anti-Virus Research.
PL 24
FIN-02231 ESPOO
Tel +358 9 8599 0513
Fax +358 9 8599 0599
E-mail: Mikko.Hypponen@xxxxxxxxxxxxxxx
USA:
Data Fellows Inc.
Mr. Dan Takata, Manager, Training Division, Professional Services
675 N. First Street, 8th Floor
San Jose, CA 95112
USA
Tel. +1 408 938 6700,
Fax +1 408 938 6701
http://www.DataFellows
Mailing list policy
You have previously expressed interest in our products, or have asked
to be included on one of our press release lists by personally giving us
your e-mail address for this purpose.Our mailing list are for the
exclusive use and the expressed purpose of Data Fellows and are not
sold or or given to third parties.
If you no longer wish to receive our press releases, or your email address
has been added to our lists without your consent, you can unsubscribe at
http://www.DataFellows.com/news/subscribe.html
If you only wish to receive our press releases concerning viruses,
please go to
http://www.DataFellows.com/news/subscribe.html
and first unsubscribe from
press-english-interest@xxxxxxxxxxxxxxxxxxxxx
and then subscribe to
press-english-virus-announcement@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
______________________
Tammy Lam Tel:+358 9 8599 0573
Marketing Coordinator Fax:+358 9 8599 0599
GSM:+358 40 570 6226
Data Fellows Corporation http://www.DataFellows.com
F-Secure products: Integrated Solutions for Enterprise Security
____________________________________________
|