Spacer Sidebar Directory Map

The Training Book, the handbook for trainers

Training Express computer learning guides

 

ITrain - International Association of Information Technology Trainers

ExploreZip Worm Returns

MiniZip compressed version sneaks past anti-virus apps

ITINFO Sponsor

Website Hosting: Special Offer for IT Professionals

Fast, unlimited hits. Secure SSL servers.
100MB web & ftp storage.
Unlimited email aliasing, redirection, and autoresponders.
4 multi-homed T3 & T1 lines on the primary backbone.
24/7 Monitoring
Daily access reports
Free MySQL database with multiple tables ($120 value)
Free PGP encryption ($120 value)
Free Autoresponders ($120 value each)
Ask for the special database package

host@dgl.com
DGL Super-Fast Website Hosting

Internet Poll
Have you attended a seminar via e-learning?
yes
no

poll archive

ExploreZip Jr. Foils Anti-Virus Software

by Dave Murphy
ISSN 1535-3613

Dave Murphy, DGL President & ITrain founder First reported by ITinfo in June (see related article below), the ExploreZip worm has returned and it's back with a vengeance.

A new compressed version has attacked several major companies. According to Dan Schrader, Trend Micro's Vice President of New Technology, "ExploreZip hasn't been altered at all: all someone did was store it in a very unusual compression format, called Neolite. We already scan for compressed files, but they chose one that we don't [detect] so far."

It's being dubbed MiniZip by some security vendors. It's the same technology as the worm's first iteration, but because it's signature is altered by the Neolite compression, anti-virus programs can't yet detect it.

All three leading anti-virus security firms, Network Associates, Symantec, and Trend Micro have received copies of the virus from infected customers.

If the worm's infection follows the same pattern as the original ExploreZip, Asia will see a marked increase in rates of infection overnight Tuesday evening, and the U.S. and Europe will follow with infections on Wednesday.

The worm's payload is the same as before: deleting files, and automatically sending infected email messages to address book lists. It affects systems running Microsoft Outlook, Outlook Express, and Exchange.

Call for Comments

What do you think? Have you run across the ExploreZip virus? Leave your comments on the message center: http://itrain.org/msg/

Related Article

Worm.ExploreZip Does More Damage

References

Trend Micro
Network Associates
Symantec AntiVirus Research Center

Subscribe to ITINFO.
Receive computing and Internet news & tips
by subscribing to the ITINFO information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Damar Group, Ltd. helps business use technology.

ITINFO is again accepting sponsors. Sponsor messages are included in ITINFO's email newsletter and are permanently posted to DGL's website and online reference areas.

ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com.

Previous issues are on our website at http://dgl.com/itinfo/.

updated November 30, 1999
http://dgl.com/itinfo/1999/it991130a.html

Return to DGL homepage
Copyright © 1999, Damar Group, Ltd., All Rights Reserved