Worm.ExploreZip

Risk Level 1: Very Low

Discovered: June 6, 1999
Updated: May 1, 2007 10:34:31 AM
Also Known As: I-Worm.ZippedFiles [Kaspersky], Win32/ExploreZip.Worm [Computer Associates], W32/ExploreZip@MM [McAfee]
Type: Worm
Infection Length: 210,432 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000

Worm.ExploreZip is a worm that contains a malicious payload. The worm utilizes Microsoft Outlook, Outlook Express, or Exchange to mail itself out by replying to unread messages in your Inbox. The email attachment is Zipped_files.exe.

The worm also searches mapped drives and networked computers for Windows installations. If found, it copies itself to the \Windows folder of the remote computer and then modifies the Win.ini file of the infected computer.

On January 8, 2003, Security Response discovered a packed variant of this threat which exhibits the same characteristics. Protection will be available for this new variant in virus definitions dated 1/8/2003 with a version number of 50108q (20030108.017) or greater.
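As an added example (not part of the original writeup or of any Symantec tooling), the sketch below scans a raw e-mail message for the attachment name and infection length listed above. The function names, the sample addresses and subject, and the dummy attachment bytes are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

ATTACHMENT_NAME = "zipped_files.exe"  # attachment name given in the writeup
INFECTION_LENGTH = 210_432            # bytes, "Infection Length" in the writeup

def scan_message(raw: bytes) -> list:
    """Return one finding per attachment named Zipped_files.exe (any case)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():           # walk() also reaches nested/forwarded parts
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip()
        if name.lower() != ATTACHMENT_NAME:
            continue
        body = part.get_payload(decode=True) or b""
        findings.append({
            "subject": str(msg.get("Subject", "")),
            "filename": name,
            "size": len(body),
            # A packed variant may differ in size, so this is corroboration only.
            "size_matches": len(body) == INFECTION_LENGTH,
            "looks_like_exe": body[:2] == b"MZ",
        })
    return findings

def build_sample(filename: str, size: int) -> bytes:
    """Constructed test message: a reply-style mail with an inert dummy attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Re: quarterly report"
    msg.set_content("Constructed sample body.")
    dummy = b"MZ" + b"\x00" * (size - 2)  # placeholder bytes, not malware
    msg.add_attachment(dummy, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample("ZIPPED_FILES.EXE", INFECTION_LENGTH)):
        print(finding)
```

The filename match is the primary signal; the size check only helps separate the original sample from the packed variant or an unrelated file that happens to share the name.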

Protection

  • Initial Rapid Release version June 9, 1999
  • Latest Rapid Release version March 3, 2008 revision 035
  • Initial Daily Certified version June 9, 1999
  • Latest Daily Certified version March 3, 2008 revision 037
  • Initial Weekly Certified release date June 9, 1999

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 50 - 999
  • Number of Sites: 3 - 9
  • Geographical Distribution: Low
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: High
  • Payload: In addition, when Worm.ExploreZip is executed, it also searches through the C through Z drives of your computer system and accessible network machines for particular files. The worm selects a series of files to destroy of multiple file extensions (includi
  • Large Scale E-mailing: Using MS Outlook/Express/MS Exchange
  • Deletes Files: All files with .c, .cpp, .h, .asm, .doc, .ppt, .xls extensions
  • Modifies Files: WIN.INI
  • Degrades Performance: Increased hard-drive activity, unrecoverable loss of data

Distribution

  • Distribution Level: High
  • Subject of Email: The subject corresponds to a reply from a known e-mail recipient to a previously sent e-mail
  • Name of Attachment: Zipped_files.exe
  • Size of Attachment: One file
  • Shared Drives: Infects all local and mapped network drives
  • Target of Infection: Windows 9x / NT systems

Writeup By: Eric Chien